How to block access to a particular route in .htaccess file - apache

I need to block access to a particular route in my web application using a .htaccess file for everyone except a list of IPs. When I say block and whitelist IPs, I want to use the following on a particular route:
order deny,allow
deny from all
allow from 1.1.1.1
allow from 2.2.2.2
I tried using the Location directive, but it is not allowed in .htaccess.
I do not have access to the server config file since it is a managed hosting provider.
The route I want to block is, e.g., http://www.example.com/route1
Is there a way?
Thanks for the help in advance.

You can definitely achieve this using multiple methods.
.htaccess files:
<files route1>
order deny,allow
deny from all
allow from my.ip.address
</files>

If you are looking at whitelisting multiple IPs, I would suggest the following method:
<Files myfile.php>
order deny,allow
deny from all
allow from env=allowip
#Office 1
#132.11.32.222
SetEnvIf X-FORWARDED-FOR "^132\.11\.32\.222" allowip
#Office 2
#142.11.32.222
SetEnvIf X-FORWARDED-FOR "^142\.11\.32\.222" allowip
</Files>

Related

Block access to a config file from external request but not internal in Apache2 Virtual Hosts

So I have a config.json file which I want to block external connections for, such as people accessing it directly. It's required for my script to run, so I want to whitelist only my own server which is hosting the file and not any external connections.
I tried this in my VirtualHost config, but it doesn't seem to be working, as it gives a 403 Forbidden error even for my script, which is on the same server.
<Files config.json>
Order deny,allow
Deny from all
Allow from 127.0.0.1
</Files>
Please help, Thanks!

Try this:
<Files config.json>
Allow from 127.0.0.1
Order allow,deny
</Files>
In the following example, there is no authentication and all hosts in the 127.0.0.1 domain are allowed access; all other hosts are denied access.
2.2 configuration:
<Files config.json>
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Files>
2.4 configuration:
<Files config.json>
Require ip 127.0.0.1
</Files>

'...on the same server...' != 127.0.0.1! I suspect your script is running on the same server but accesses the server process via the public IP address.
If I'm right, there are two possibilities:
Reconfigure your script to access via localhost or 127.0.0.1.
Replace the address in the Allow from statement with the server's address.

How to do apache htaccess ban by ip with the some exception?

P.S.: Sorry, and please be lenient with my English.
I have a situation where some IPs must be blocked, and the best way to do this, in my mind, is htaccess, because I have many entry points. It is easy and works fine...
I do:
<Files *>
Order allow,deny
deny from aaa.aaa.aaa.aaa/aa
deny from bbb.bbb.bbb.bbb/bb
Allow from all
</Files>
BUT! There is one more thing. I have a few devices which should be allowed access even if they go through a denied IP.
I can't install any module for Apache, so I need some simple way to solve it.
Can someone give me some ways or some tricks for it?

You need some way of identifying those devices, then you can add an environment variable to set up an exception and use access control by environment variable. For example, if you can do it by user-agent:
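SetEnvIf User-Agent SpecialUA UAException=1
<Files *>
# deny,allow: a matching Allow overrides a matching Deny; unmatched requests are allowed
Order deny,allow
Deny from aaa.aaa.aaa.aaa/aa
Deny from bbb.bbb.bbb.bbb/bb
# Exception for requests where SetEnvIf set UAException
Allow from env=UAException
</Files>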
See also SetEnvIf. I am linking to Apache 2.2 docs since you are using the old syntax which has been updated in 2.4.
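
How `Order`, `Allow` and `Deny` combine decides whether an exception can override a `Deny`, and the same rules explain the whitelist in the first question. The following is an added example, not code from the answers or from Apache: a small Python model of the mod_access_compat decision for `Order allow,deny` and `Order deny,allow`. The networks are constructed documentation ranges standing in for the aaa/bbb placeholders, and host-name arguments such as `.ru` are not modelled.

```python
import ipaddress

# Constructed sample networks (documentation ranges) standing in for the
# aaa.aaa.aaa.aaa/aa and bbb.bbb.bbb.bbb/bb placeholders on this page.
BLOCKED = ["203.0.113.0/24", "198.51.100.0/24"]

def matches(spec, client_ip, env):
    """True if one 'Allow from' / 'Deny from' argument matches the request."""
    if spec == "all":
        return True
    if spec.startswith("env="):
        return spec[4:] in env  # the variable only has to be set
    net = ipaddress.ip_network(spec, strict=False)
    return ipaddress.ip_address(client_ip) in net

def evaluate(order, allow, deny, client_ip, env=()):
    """Model of the Order/Allow/Deny decision; True means access is granted."""
    allowed = any(matches(s, client_ip, env) for s in allow)
    denied = any(matches(s, client_ip, env) for s in deny)
    if order == "allow,deny":
        # Default is deny: an Allow must match, and any matching Deny wins.
        return allowed and not denied
    if order == "deny,allow":
        # Default is allow: a matching Deny rejects unless an Allow matches too.
        return allowed or not denied
    raise ValueError("unsupported Order value: %r" % (order,))

def demo():
    inside, outside, ua = "203.0.113.7", "192.0.2.10", {"UAException"}
    exc = ["env=UAException"]
    return {
        # Plain ban list: Order allow,deny + Allow from all + Deny from ranges
        "ban/inside": evaluate("allow,deny", ["all"], BLOCKED, inside),
        "ban/outside": evaluate("allow,deny", ["all"], BLOCKED, outside),
        # Exception added under allow,deny: the matching Deny still wins
        "exc allow,deny": evaluate("allow,deny", exc + ["all"], BLOCKED, inside, ua),
        # Exception under deny,allow: the matching Allow overrides the Deny
        "exc deny,allow": evaluate("deny,allow", exc, BLOCKED, inside, ua),
        "no exc deny,allow": evaluate("deny,allow", exc, BLOCKED, inside),
        # Whitelist from the first question: Deny from all + Allow from 1.1.1.1
        "whitelist/listed": evaluate("deny,allow", ["1.1.1.1"], ["all"], "1.1.1.1"),
        "whitelist/other": evaluate("deny,allow", ["1.1.1.1"], ["all"], outside),
    }

if __name__ == "__main__":
    for name, granted in demo().items():
        print("%-20s %s" % (name, "granted" if granted else "denied"))
```
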

deny and allow ip access .htaccess

Seen lots of info regarding this but can't figure out this scenario. I want to deny all UK IPs but allow my own UK IP.
I have a big list of deny ip addresses which work fine and deny access, but I want to be able to access the site for obvious reasons!
Basically I'm creating a site for an Irish consumer base and the owner wants to exclude the UK from accessing the site. But I need to access it still.

In your .htaccess file, put this rule in the same manner and write your whitelisted IPs in the allow from lines:
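# These directives apply to the directory that contains this .htaccess file
# (<Directory> sections are only valid in the server or virtual host config)
order deny,allow
deny from all
allow from 127.0.0.1
allow from 127.0.0.2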
Using Require
<RequireAll>
Require all granted
Require not ip 10.252.46.165
</RequireAll>
https://httpd.apache.org/docs/2.4/howto/access.html

.htaccess absolute block using BrowserMatchNoCase

Hi, I'm trying to get some basic rules in htaccess working but not having much luck.
At the top of my file I want to block certain IPs and certain user agents, so I have
## block specific IPs
Order Deny,Allow
Deny from 62.210.122.209
Deny from 109.184.114.247
## stop requests with user agent that includes these texts
BrowserMatchNoCase "xyz" bad_bot
Deny from env=bad_bot
This works fine on its own; however, I also need to stop all php scripts being accessed except for index.php and index2.php
## stop all php files from being accessed
<Files *.php>
deny from all
</Files>
## except for index and index2
<Files ~ "^index(2)?\.php$">
allow from all
</Files>
But once I add this, I get partial access to the site even with my user agent containing xyz:
/index.php is blocked
but
/administrator/index.php is still open to me

Found the answer... simply use the environment variable set up in the first part to deny access under the files directive for index.php in the second.

htaccess deny from *.ru or deny from .ru

I am aware that blocking by host extension can cause unwanted server load but which is correct? For example...
deny from *.ru
or
deny from .ru

It's deny from .ru, according to the Apache 2.2 mod_authz documentation, which says the host syntax is identical to Allow. They provide an example:
Allow from apache.org
Allow from .net example.edu