≡ Menu

theos

Lighttpd restrict or deny access by IP address

Lighttpd logo

So how do you restrict or deny access by IP address using Lighttpd web server?

Lighttpd has mod_access module. The access module is used to deny access to files with given trailing path names. You need to combine this with remoteip conditional configuration. Syntax is as follows:

$HTTP["remoteip"] == "IP" : Match on the remote IP
$HTTP["remoteip"] !~ "IP1|IP2" : Do not match on the remote IP (perl style regular expression not match)
$HTTP["remoteip"] =~ "IP1|IP2" : Match on the remote IP (perl style regular expression match)

Task: Match on the remote IP

For example block access to http://theos.in/stats/ url if IP address is NOT 192.168.1.5 and 192.168.1.10 (restrict access to these 2 IPs only):

Open /etc/lighttpd/lighttpd.conf file
# vi /etc/lighttpd/lighttpd.conf
Append following configuration directive:

$HTTP["remoteip"] !~ "200.19.1.5|210.45.2.7" {
    $HTTP["url"] =~ "^/stats/" {
      url.access-deny = ( "" )
    }
 }

Save and restart lighttpd:
# /etc/init.d/lighttpd restart

Task: Block single remote IP

Do not allow IP address 202.54.1.1 to access our site:

$HTTP["remoteip"] == "202.54.1.1" {
       url.access-deny = ( "" )
  }

Do not allow IP address 202.54.1.1,202.54.2.5 to access our site:
Do not allow IP address 202.54.1.1 to access our site:

$HTTP["remoteip"] =~ "202.54.1.1|202.54.2.5" {
       url.access-deny = ( "" )
  }

See also

=> Lighttpd deny access to certain files

Configure lighttpd alias (mod_alias)

This lighttpd module provides for mapping different parts of the host filesystem in the document tree. You can use it for mapping various directories. For example cgi-bin directory mapped to /var/lib/cgi-bin. The alias module is used to specify a special document-root for a given url-subset.

Configuration

Open your lighttpd configuration file:
vi /etc/lighttpd/lighttpd.conf

Append/add mod_ alias to list of server modules:
server.modules += ( "mod_alias" )

Examples

Add cgi-bin alias for doamin theos.in
alias.url = ( "/cgi-bin/" => "/home/lighttpd/theos.in/cgi-bin/" )

Browse all documents installed at /usr/share/doc/ directory with following alias:
alias.url = ( "/docs/" => "/usr/share/doc/" )
alias.url += ( "/stats/" => "/home/theos.in/http/webalizer/" )

Open a browser and type url http://theos.in/docs/ or http://your-domain.com/docs/