16

I have an Apache server that, for the time being, I need to block access to for all but a select group of people. The easiest way to do this, I thought, would be to deny access from all traffic and then allow only the select few IP addresses. From what I have found online, this configuration should do the trick.

This is the entire contents of /etc/apache2/sites-available/000-default.conf:

    <VirtualHost *:80>
        ServerAdmin webmaster@localhost
        DocumentRoot /var/www/html

        <Directory /var/www/html>
            Order allow,deny
            Deny from all
            Allow from my.ip.add.res
        </Directory>

        ErrorLog ${APACHE_LOG_DIR}/error.log
        CustomLog ${APACHE_LOG_DIR}/access.log combined
    </VirtualHost>

However, when I test it, I get 403'd from everywhere, including the allowed "my.ip.add.res" IP address.

I've spent quite a lot of time Googling, but from what I can tell, this should work perfectly. Not sure why it isn't. Am I missing something obvious?

1
  • First of all, are you using Apache 2.4, as indicated in your tag, or are you using Apache 2.2, as indicated by the access control directives in your v-host configuration? Commented May 12, 2016 at 1:20

3 Answers

20

If you are using Apache 2.4, make sure that you LOAD the authz_core module,

DELETE:

    Order allow,deny
    Deny from all
    Allow from my.ip.add.res

and, in place of the deleted directives,

INSERT:

    Require ip xxx.xxx.xxx.xxx

If you are using Apache 2.2, make sure that you LOAD the authz_host module,

DELETE:

    Order allow,deny
    Deny from all
    Allow from my.ip.add.res

and, in place of the deleted directives,

INSERT:

    Order Deny,Allow
    Deny from all
    Allow from xxx.xxx.xxx.xxx

6
  • Ah, that's it. I had no idea that the directives had changed from 2.2 to 2.4 (and I didn't do the initial install of this machine). Thanks heaps! Commented May 12, 2016 at 1:56
  • I have apache 2.4.7 and I tried using the first way you showed but I get You don't have permission to access / on this server. I got my ip address from this website whatismyipaddress.com <Directory /var/www/stage/> Require ip 77.138.205.207 </Directory> Why can't I access it? Commented Oct 18, 2018 at 9:26
  • @OffirPe'er you need to ask your own separate question after reading the Help Section on asking questions. You can link to this answer if it helps ask your new question, but you need to (1) have your own question so that the whole community sees and helps with it, and (2) include your own particular details in that question. Commented Oct 18, 2018 at 11:32
  • @Colt Apache 2.4.8 - How to put multiple IPs? Require ip 1.2.3.4 works but Require ip 1.2.3.4 5.6.7.8 errors in apache restart. Commented Oct 14, 2020 at 19:47
  • @Rahatur Although the syntax you show is correct per Apache documentation, you can try stacking them up, e.g. Require ip 1.2.3.4 on one line and Require ip 5.6.7.8 on the next line. I have the latter working just fine on a server right now. If neither works, I suspect some other issue and you should ask a new question. Commented Oct 15, 2020 at 10:28
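
An added example (not from any of the posts on this page): a small Python model of the evaluation order Apache documents for `Order`/`Allow`/`Deny` and for 2.4's `Require ip`, run against the question's directives and the two replacements in the answer above. The function names and the 203.0.113.10 / 198.51.100.7 addresses are constructed for illustration, and only full addresses and CIDR ranges are modelled.

```python
import ipaddress

ALLOWED = "203.0.113.10"  # constructed stand-in for my.ip.add.res
OTHER = "198.51.100.7"    # constructed address that is not on the list

def _matches(client, specs):
    """True if client is inside any spec; the keyword 'all' matches everyone."""
    addr = ipaddress.ip_address(client)
    return any(s == "all" or addr in ipaddress.ip_network(s, strict=False)
               for s in specs)

def compat_allows(order, allow, deny, client):
    """2.2-style Order/Allow/Deny (mod_access_compat on 2.4), full IPs and CIDR only."""
    allowed, denied = _matches(client, allow), _matches(client, deny)
    order = order.lower()
    if order == "allow,deny":
        # Allow is evaluated first, then Deny; a Deny match wins; default is deny.
        return allowed and not denied
    if order == "deny,allow":
        # Deny is evaluated first, then Allow; an Allow match wins; default is allow.
        return allowed or not denied
    raise ValueError(f"unsupported Order value: {order!r}")

def require_ip_allows(networks, client):
    """Apache 2.4 'Require ip a b ...': granted when any listed network matches."""
    return _matches(client, networks)

def demo():
    """Evaluate the question's directives and both replacements for two clients."""
    results = {}
    for client in (ALLOWED, OTHER):
        results[client] = {
            "question: Order allow,deny": compat_allows("allow,deny", [ALLOWED], ["all"], client),
            "answer 2.2: Order Deny,Allow": compat_allows("Deny,Allow", [ALLOWED], ["all"], client),
            "answer 2.4: Require ip": require_ip_allows([ALLOWED], client),
        }
    return results

if __name__ == "__main__":
    for client, rows in demo().items():
        for label, ok in rows.items():
            print(f"{client:<14} {label:<30} {'200' if ok else '403'}")
```

Run as a script, it prints 403 for both clients under the question's directives and 200 only for the listed address under either replacement.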
3

Colt's answer is the right one. I thought I'd share a functioning example from Apache 2.4, virtualhost.conf

Here's a directive that blocks access to /admin URL (not directory) to internal IPs on my network only.

    <Location /admin>
        Require ip 192.168.1.0/24
    </Location>

0

I wanted to access PHPMyAdmin from a specific IP address. I tried the below, but it didn't work:

    Order Deny,Allow
    Deny from all
    Allow from xxx.xxx.xxx.xxx

I tried the below and it worked for me. First, check that the Apache module mod_access_compat is present, then add the below to the virtual host.

    Alias /phpmyadmin /var/www/phpmyadmin
    <Directory /var/www/phpmyadmin>
        Require ip xx.xxxx.xx.xx xx.xx.xx.xx
    </Directory>
