logo
Apache Lounge
Webmasters

 

About Forum Index Downloads Search Register Log in RSS X


Keep Server Online

If you find the Apache Lounge, the downloads and overall help useful, please express your satisfaction with a donation.

or

Bitcoin

A donation makes a contribution towards the costs, the time and effort that's going in this site and building.

Thank You! Steffen

Your donations will help to keep this site alive and well, and continuing building binaries. Apache Lounge is not sponsored.
Post new topic   Forum Index -> Apache View previous topic :: View next topic
Reply to topic   Topic: ip whitelist
Author
Megunticook



Joined: 03 Feb 2018
Posts: 12
Location: Maine

PostPosted: Mon 05 Feb '18 22:07    Post subject: ip whitelist Reply with quote

Trying to keep everyone out but me from a directory using .htaccess. Looked at Apache 2.4 documentation and surmised that this would work:

Code:
<RequireAll>
   Require ip 12.34.56.78
</RequireAll>


But when I added this to the .htaccess file and tested it (changing the ip to something other than mine to see if it would block me), it did not work--I was able to get in fine.

What am I missing? Pardon me if it's something obvious, am new to Apache administration.
Back to top
mraddi



Joined: 27 Jun 2016
Posts: 149
Location: Schömberg, Baden-Württemberg, Germany

PostPosted: Wed 07 Feb '18 0:06    Post subject: Reply with quote

Hello,

Question have you checked, that mod_authz_core (and mod_authz_host) is loaded within your apache's config?

Question And is "AllowOverride All" set for the directory where you are using the .htaccess instead of the default "AllowOverride None"?

I have tested your .htaccess-content at my local apache-server - was working fine. Smile - only access from the mentioned ip was possible - all other requests ended with a 403.
As you have only one "Require..." you can omit the surrounding "<RequireAll>" + "</RequireAll>"

Another way to only allow one host is using a firewall:
    iptables on linux
    there is something on windows, too
    or a REAL firewall Wink


And ensure that you are really using Apache 2.4 Wink as Apache 2.2 uses a different way achieve the same result.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Thu 08 Feb '18 15:54    Post subject: Reply with quote

Code:

<RequireAll>
    Require all denied
    Require ip 192.168.0.1
</RequireAll>
Back to top
Megunticook



Joined: 03 Feb 2018
Posts: 12
Location: Maine

PostPosted: Mon 12 Feb '18 18:06    Post subject: Reply with quote

Thanks, I will check on mod_authz_core and mod_authz_host and report back.
Back to top
Megunticook



Joined: 03 Feb 2018
Posts: 12
Location: Maine

PostPosted: Sat 03 Mar '18 0:30    Post subject: Reply with quote

I checked to see which Apache modules are loaded and these two modules were included in the list:

Code:

Loaded Modules:
authz_core_module (shared)
authz_host_module (shared)


Is that the same as mod_authz_core and mod_authz_host?

This is an Amazon AWS EC2 server.

Code:
Server version: Apache/2.4.27 (Amazon)
Server built:   Sep 24 2017 23:19:50



Thanks.
Back to top
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7288
Location: Germany, Next to Hamburg

PostPosted: Thu 08 Mar '18 10:42    Post subject: Reply with quote

Yes you need mod_authz_host
See the examples from the docs https://httpd.apache.org/docs/2.4/mod/mod_authz_host.html
Back to top


Reply to topic   Topic: ip whitelist View previous topic :: View next topic
Post new topic   Forum Index -> Apache