≡ Menu

192

Lighttpd restrict or deny access by IP address

Lighttpd logo

So how do you restrict or deny access by IP address using Lighttpd web server?

Lighttpd has mod_access module. The access module is used to deny access to files with given trailing path names. You need to combine this with remoteip conditional configuration. Syntax is as follows:

$HTTP["remoteip"] == "IP" : Match on the remote IP
$HTTP["remoteip"] !~ "IP1|IP2" : Do not match on the remote IP (perl style regular expression not match)
$HTTP["remoteip"] =~ "IP1|IP2" : Match on the remote IP (perl style regular expression match)

Task: Match on the remote IP

For example block access to http://theos.in/stats/ url if IP address is NOT 192.168.1.5 and 192.168.1.10 (restrict access to these 2 IPs only):

Open /etc/lighttpd/lighttpd.conf file
# vi /etc/lighttpd/lighttpd.conf
Append following configuration directive:

$HTTP["remoteip"] !~ "200.19.1.5|210.45.2.7" {
    $HTTP["url"] =~ "^/stats/" {
      url.access-deny = ( "" )
    }
 }

Save and restart lighttpd:
# /etc/init.d/lighttpd restart

Task: Block single remote IP

Do not allow IP address 202.54.1.1 to access our site:

$HTTP["remoteip"] == "202.54.1.1" {
       url.access-deny = ( "" )
  }

Do not allow IP address 202.54.1.1,202.54.2.5 to access our site:
Do not allow IP address 202.54.1.1 to access our site:

$HTTP["remoteip"] =~ "202.54.1.1|202.54.2.5" {
       url.access-deny = ( "" )
  }

See also

=> Lighttpd deny access to certain files