Apache restrict access based on IP address to selected directories

by on April 22, 2006 · 8 comments· LAST UPDATED October 30, 2007

in , ,

Apache web server allows server access based upon various conditions. For example you just want to restrict access to url http://payroll.nixcraft.in/ (mapped to /var/www/sub/payroll directory) from 192.168.1.0/24 network (within intranet).

Apache provides access control based on client hostname, IP address, or other characteristics of the client request using mod_access module.

Open your httpd.conf file:
# vi /etc/httpd/conf/httpd.confLocate directory section (for example/var/www/sub/payroll) and set it as follows:
<Directory /var/www/sub/payroll/>
Order allow,deny
Allow from 192.168.1.0/24
Allow from 127
</Directory>
Where,

  • Order allow,deny: The Order directive controls the default access state and the order in which Allow and Deny directives are evaluated. The (allow,deny) Allow directives are evaluated before the Deny directives. Access is denied by default. Any client which does not match an Allow directive or does match a Deny directive will be denied access to the server.
  • Allow from192.168.1.0/24: The Allow directive affects which hosts can access an area of the server (i.e. /var/www/sub/payroll/). Access is only allowed from network 192.168.1.0/24 and localhost (127.0.0.1).

Save file and restart apache web server:
# /etc/init.d/httpd restart

See also

TwitterFacebookGoogle+PDF versionFound an error/typo on this page? Help us!

{ 8 comments… read them below or add one }

1 Nabin Limbu September 21, 2008 at 5:59 am

Is there an easy way if I have multiple directories to restrict in different location from one rule instead of having all the above rules repeatedly for all directories.

Reply

2 Mauricio February 13, 2009 at 4:45 pm

You could restrict at DocumentRoot level and then allow only for public directories, but be carefull not to disable valid directories or applications.

Reply

3 MyClicker April 27, 2011 at 7:49 am

Allow from 192.168.1.0/24 is not working for me, because I have more than 24 IPs in subnet, so I use
Allow from 192.168.1.0/120

Reply

4 Jordi April 28, 2011 at 8:28 am

192.168.1.0/24 allows the IPs from 192.168.1.0 to 192.168.1.255 to access the document. 192.168.1.0/120 should be invalid…

Reply

5 Body Workout July 27, 2011 at 9:42 am

What’s the syntax for the .htaccess file, please?

Reply

6 Remco August 10, 2011 at 9:15 pm

order allow,deny
deny from 123.456.789.0
deny from 0.987.654.321
allow from all

for blocking with .htaccess

Reply

7 sundar December 7, 2011 at 5:49 am

order deny,allow
allow from all
deny from 123.456.789.0
deny from 0.987.654.321

Reply

8 adamster December 5, 2013 at 7:28 pm

is there a way to do a range of ip addresses?

Reply

Leave a Comment

Tagged as: , , , , , , ,

Previous Faq:

Next Faq: