.htaccess deny access to specific dynamically generated url - apache

I would like to restrict access to a specific URL that's being generated, by IP address. For example:
http://www.domain.com/section.php/123/1/some-nice-text
can not be accessed by the IP 123.45.67.89.
So far, I've got:
<Limit GET POST HEAD>
order allow,deny
deny from 123.45.67.89
allow from all
</Limit>
but this blocks access to all the site for that IP.
I can't put the htacess in that path, as it doesn't actually exist. How can I edit the Limit condition to specify a path?

I'd use mod_rewrite. Something like this:
RewriteBase /
RewriteCond %{REMOTE_ADDR} =123.45.67.89
RewriteRule ^section.php/123/1/some-nice-text - [R=404,L,NC]
(Untested / season to taste.)
Update: For multiple addresses, you can use regexen and/or multiple RewriteConds combined with [OR]:
RewriteBase /
RewriteCond %{REMOTE_ADDR} =123.45.67.89 [OR]
RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.9[0-4]$ [OR]
RewriteCond %{REMOTE_ADDR} ^123\.4\.56\.
RewriteRule ^section.php/123/1/some-nice-text - [R=404,L,NC]
(Still untested etc.)

Related

Only allow users from specific referrer (redirect the rest) - HTACCESS

I've been trying to block access from everyone that is trying to see a .php page without coming from my specific tracking link.
I want that if they're not coming from my link, they be redirected to another website.
I tried using .htaccess method as following:
RewriteEngine On
RewriteBase /
# allow these referers to passthrough
RewriteCond %{HTTP_REFERER} ^http://subdomain.domain.com
RewriteRule ^ - [L]
# redirect everything else
RewriteRule ^ http://anotherDomain.com/ [R,L]
this is because http://subdomain.domain.com is a tracking url that redirects to website.php but it seems that is not working, and despite any referrer, or even typing the url for website.php directly in toolbar is taking the user to website.php.
what I want to achieve is that only from subdomain.domain.com users can see website.php
thanks in advance.
You can do that using order deny,allow, put this into your .htaccess:
order deny,allow
deny from all
allow from subdomain.domain.com
This will deny everyone access unless they visit via subdomain.domain.com
Then to redirect the users who're not coming from subdomain.domain.com you can use:
RewriteCond %{HTTP_HOST} !^www\.subdomain.domain\.com [NC]
RewriteCond %{HTTP_HOST} !^$
RewriteRule ^/?(.*) http://www.example.com/$1 [L,R,NE]
For Apache 2.4:
You can use an IF directive since you're using 2.4:
<If "%{HTTP_HOST} != 'www.subdomain.domain.com'">
Redirect / http://www.example.com/
</If>
and for the order deny,allow add the following around it:
<Limit GET>
</Limit>
tl;dr
RewriteEngine On
RewriteCond "%{HTTP_REFERER}" "!your-valid-referer.example.com"
RewriteRule ^.*$ - [F]
Details
RewriteCond - do a comparison of:
"%{HTTP_REFERER}" - the current referer at the time of the request; against:
"!your-valid-referer.example.com" - the valid referer; and if it isn't:
RewriteRule ^.*$ - no matter what it is;
[F] - don't give access to it. Assign an HTTP status code of 403 aka Forbidden.
OP's case
RewriteEngine On
RewriteCond "%{HTTP_REFERER}" "!subdomain.domain.com"
RewriteRule ^ http://anotherDomain.com/ [R,L]

Block specific url for specific country via .htaccess

I'm looking to achieve blocking specific urls for 1 specific country via .htaccess. What I got so far is a block to the entire site, but what I'm looking is to block a specific url of the site. Here is what I got.
<Limit GET POST>
order allow,deny
deny from 2.20.179.0/24
deny from 2.20.185.0/24
deny from 2.22.230.0/24
deny from 2.136.0.0/15
deny from 2.138.0.0/15
allow from all
</Limit>
Having that, how could I block the url http://domain.com/en/profiles/kasper, for that specific IP ranges / country? What is the right way to include that url in the htaccess?
Thank you in advance
You can use mod_rewrite if you are in htaccess and want to block URLs for certain IPs:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^2\.20\.(179|185)\.(\d|1\d|2[0-4])$ [OR]
RewriteCond %{REMOTE_ADDR} ^2\.22\.230\.(\d|1\d|2[0-4])$ [OR]
RewriteCond %{REMOTE_ADDR} ^2\.(136|138)\.0\.0$
RewriteRule ^en/profiles/kasper(/.*)$ - [F,NC]

Htaccess deny specific get parameter

I want to do deny access to specific ip. I tried this htaccess code but didn't worked:
<Files "index.php?action=deny">
Order Allow,Deny
Deny from XXXX
Allow from all
</Files>
where XXXX is an ip address. how can I do something like that, so it will deny only specific get parameter and not the whole file?
In 2.4, use to check the query string
<If "%{QUERY_STRING} =~ /action=deny/">
Require all denied
</If>
In 2.2, use mod_rewrite:
RewriteEngine ON
RewriteCond %{QUERY_STRING} action=deny
RewriteRule index.php - [F]
Your pattern in Files directive is misleading. If you want to match the URL with action=deny query argument; you'd need to use <Location>:
<Location /index.php?action=deny>
You can use this rule in your root .htaccess:
RewriteEngine On
RewriteCond %{QUERY_STRING} ^action=deny$ [NC]
#RewriteCond %{REMOTE_ADDR} =11.22.33.44
RewriteRule ^index\.php$ - [F]
Replace 11.22.33.44 with your actual IP address

How to deny all when the host is a development server

Is it possible to set a "deny from all" only when the host of the website contains
.*\.dev\.site\.com$
When the url contains it i want to allow only ip adresses that are listed
order deny,allow
deny from all
allow from 63.162.42.59
allow from 95.56.43.101
When i move the website from the dev environment to a production server i don't want the deny all. I hope this check can be done automaticly
Try using mod_rewrite instead:
RewriteEngine On
RewriteCond %{HTTP_HOST} dev\.site\.com$ [NC]
RewriteCond %{REMOTE_ADDR} !^63\.162\.42\.59$
RewriteCond %{REMOTE_ADDR} !^95\.5\6.43\.101$
RewriteRule ^ - [L,F]

Redirect all IPs except those whitelisted

I want to protect some subdomains from the public. Restriction should be done against a whitelist of IPs.
Infinite loop due to the redirect is not a problem as its not the www-domain.
I tried this http://discussions.apple.com/message.jspa?messageID=2411725, but couldnt get it to work.
However I did try this first
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.89$ [OR]
RewriteCond %{REMOTE_ADDR} !^213\.45\.67\.89$
RewriteRule ^/.* http://www.mydomain.com [R]
.. but didnt work.
What am I doing wrong ?
This kind of thing is actually exactly what Apache's Allow and Deny directives are intended for. Inside the <VirtualHost> block for the domain you want to restrict access to, put this:
<Location />
Order allow,deny
Allow from all
Deny from 123.45.67.89
Deny from 213.45.67.89
</Location>
However, this would produce a 403 (forbidden) error, which doesn't redirect to your www domain by default. I think you can make it do so by adding the directive
ErrorDocument 403 http://www.example.com
You have to combine the RewriteCond directives with AND instead of OR as you want to redirect if both conditions are true (therefor the IP address is neither X nor Y). So try this:
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.89$
RewriteCond %{REMOTE_ADDR} !^213\.45\.67\.89$
RewriteRule ^ http://www.example.com/ [R]