I need to allow only specific IPs to access my site (www.domain.com/mysite). In htaccess I put this code:
ErrorDocument 403 /error403.html
order deny,allow
deny from all
allow from 1.1.1.1
But it looks for error403.html in root folder instead of "mysite" folder. I tried with ErrorDocument 403 /mysite/error403.html still doesn't work. I tried with RewriteBase /mysite also doesn't work.
So you're telling apache to not allow access to everything in /mysite, then you're telling apache to send any 403's (which is the result of attempting to access something in /mysite) to load a page in /mysute. So of course this isn't going to work. You're probably going to need to make an exception for /mysite/error403.html:
SetEnvIfNoCase Request_URI ^/mysite/error403.html$ allow_ok
ErrorDocument 403 /mysite/error403.html
order deny,allow
deny from all
allow from 1.1.1.1
allow from env=allow_ok
Related
I have a simple PHP website with a login page url like
http://sample.com/login
I need to restrict access to the login page from any IP addresses other than mine. But, I dont want to restrict access to any of the other pages on the site. I added the following code to the top of my .htaccess file, but it doesn't seem to be working correctly. Any help anyone can give me with the correct code to add to my .htaccess to only block access to /login/ from other IP's would be much appreciated!
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^xxx.xxx.xxx.xxx
RewriteRule ^/login/$ http://sample.com/$1 [L,R=301,NC]
You could use <Files ...>, which would block that specific file from access from everywhere but a given IP, using deny and allow. This is a relative path, and this .htaccess should be placed in the same folder as your login-file.
<Files login.php>
Order deny,allow
Deny from all
Allow from xxx.xxx.xxx.xxx
</Files>
Replace xxx.xxx.xxx.xxx with your IP. Remember that if you change IP-address (if its not static for example), this will not be a viable solution.
I'm trying to block bad bots from clicking certain links to one site running Apache 2.4. Here is what I am trying in htaccess:
RewriteEngine On
# Check for the suspect querystring first
RewriteCond %{QUERY_STRING} gclid=(.*)
RewriteRule .* - [E=IsAdClick:1]
# Filter on those requests with an ad string
<IfDefine IsAdClick>
# BAN USER BY IP
Order Deny,Allow
Deny from 172.64.0.0/13
Deny from 173.245.48.0/20
...
</IfDefine>
The deny rules work if they are by themselves, but for the life of me I cannot get the conditional to work. I've tried other things like
<If "%{QUERY_STRING} =~ /gclid=.*?/">
# BAN USER BY IP
Order Deny,Allow
Deny from 172.64.0.0/13
Deny from 173.245.48.0/20
...
</If>
but there is no effect. Traffic still comes through. What am I missing? I don't want to write a whole bunch of RewriteCond for each IP, nor change the .config files. Thanks.
Update: According to this SO post it seems that IfDefine only responds to command line parameters. Ref:
The IfDefine directive in Apache, Only , ONLY and when I say only i
mean ONLY, responds to parameters passed at the command line. Let me
emphasize that a little. ONLY COMMAND LINE!
How to achieve the effect I'm looking for though?
This took a lot of trial and error, but this seems to be working on THE_REQUEST which include any querystring data:
# Filter on those requests with an adwords string
<If "%{THE_REQUEST} =~ /gclid=/i">
# BAN USER BY IP
Order Deny,Allow
Deny from 172.64.0.0/13
Deny from 173.245.48.0/20
...
</If>
Still, I'd like to know why my second attempt in my question failed.
Directory viewing would render 403 upon wrong ip:
order deny,allow
deny from all
allow from 111.222.333.444
Simple and clear, so lets move on...
then tried to gobble up some code to render 404 instead of 403:
order deny,allow
deny from all
allow from 111.222.333.444
RedirectMatch 404 ".*\/\..*"
And the above does not work, what have I missed?
SPECS
1. .htaccess is inside a subdir
2. file is executed by virtualhost
NB
And by rendering, I mean recieving headers vs visual trickery.
Mod_rewrite can solve your problem.
Add the following to your htaccess.
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^1.2.3.5$
RewriteRule ^ - [R=404,L]
Replace 1.2.3.5 with your ip address.
How can I deny access to a directory in .htaccess?
I don't mean directory listing, I mean everything that is inside the directory along with the directory itself? It should give a 503 or 404 error.
I am talking about /img-sys and /java-sys which apparently do not exist (I did not create them), but still give a white screen when accessed rather than a 404 error.
Put this at the top of your .htaccess file:
RewriteRule ^(img-sys|java-sys) - [R=404]
This will do it. It'll just fail with a 403 Forbidden HTTP response code. Stick that in your VirtualHost block:
<LocationMatch "/(img|java)-sys">
Order allow,deny
Deny from all
</LocationMatch>
I'm trying to setup custom error pages.
I put the pages in /error/ in the document root. However, I think this may have a conflict as .htaccess can not access the file I specified.
I did set AllowOverride All in my apache config file.
If I go to /error/, a 403 error appears.
I can confirm that my .htaccess is being read, because if I enter some random text into the .htaccess, it will return a internal server error.
rewriting is enabled.
Here is my .htaccess
Options +FollowSymlinks
RewriteEngine On
RewriteBase /
<Files .htaccess>
order allow,deny
deny from all
</Files>
ErrorDocument 404 /error/noexist.html
If I put the error page in the document root and set it in the htaccess, it will read fine.
The problem is that it can't read the contents of the /error/ directory.
/error/ is a directory, right? The default Apache configuration is to return a 403 Forbidden status when trying to access the root of a directory that does not contain an index page unless Options +Indexes is set, which will cause the server to automatically generate and show a list of files and subdirectories.
If you want the error page to show in this case, you could try adding the same ErrorDocument line with 404 changed to 403.
Did you set directory permissions?
<Directory "C:/path/to/htdocs/error">
Options FollowSymLinks
Order allow,deny
Allow from all
</Directory>
I think this requires access to Apache's httpd.conf, though. Do you have access to that?