logo
Apache Lounge
Webmasters

 


About

Forum Index Downloads Search Register Log in  RSS Apache Lounge
 


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Apache Lounge is not sponsored.

Your donations will help to keep this site alive and well, and continuing building binaries.




ip whitelist

 
Post new topic   Reply to topic    Apache Forum Index -> Apache



View previous topic :: View next topic  
Author Message
Megunticook



Joined: 03 Feb 2018
Posts: 11
Location: Maine

PostPosted: Mon 05 Feb '18 22:07    Post subject: ip whitelist Reply with quote

Trying to keep everyone out but me from a directory using .htaccess. Looked at Apache 2.4 documentation and surmised that this would work:

Code:
<RequireAll>
   Require ip 12.34.56.78
</RequireAll>


But when I added this to the .htaccess file and tested it (changing the ip to something other than mine to see if it would block me), it did not work--I was able to get in fine.

What am I missing? Pardon me if it's something obvious, am new to Apache administration.
Back to top
mraddi



Joined: 27 Jun 2016
Posts: 60
Location: Schömberg, Baden-Württemberg, Germany

PostPosted: Wed 07 Feb '18 0:06    Post subject: Reply with quote

Hello,

Question have you checked, that mod_authz_core (and mod_authz_host) is loaded within your apache's config?

Question And is "AllowOverride All" set for the directory where you are using the .htaccess instead of the default "AllowOverride None"?

I have tested your .htaccess-content at my local apache-server - was working fine. Smile - only access from the mentioned ip was possible - all other requests ended with a 403.
As you have only one "Require..." you can omit the surrounding "<RequireAll>" + "</RequireAll>"

Another way to only allow one host is using a firewall:
    iptables on linux
    there is something on windows, too
    or a REAL firewall Wink


And ensure that you are really using Apache 2.4 Wink as Apache 2.2 uses a different way achieve the same result.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6391
Location: Germany, Next to Hamburg

PostPosted: Thu 08 Feb '18 15:54    Post subject: Reply with quote

Code:

<RequireAll>
    Require all denied
    Require ip 192.168.0.1
</RequireAll>
Back to top
Megunticook



Joined: 03 Feb 2018
Posts: 11
Location: Maine

PostPosted: Mon 12 Feb '18 18:06    Post subject: Reply with quote

Thanks, I will check on mod_authz_core and mod_authz_host and report back.
Back to top
Megunticook



Joined: 03 Feb 2018
Posts: 11
Location: Maine

PostPosted: Sat 03 Mar '18 0:30    Post subject: Reply with quote

I checked to see which Apache modules are loaded and these two modules were included in the list:

Code:

Loaded Modules:
authz_core_module (shared)
authz_host_module (shared)


Is that the same as mod_authz_core and mod_authz_host?

This is an Amazon AWS EC2 server.

Code:
Server version: Apache/2.4.27 (Amazon)
Server built:   Sep 24 2017 23:19:50



Thanks.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 6391
Location: Germany, Next to Hamburg

PostPosted: Thu 08 Mar '18 10:42    Post subject: Reply with quote

Yes you need mod_authz_host
See the examples from the docs https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html
Back to top


Post new topic   Reply to topic    Apache Forum Index -> Apache
Page 1 of 1