Apache restrict access based on IP address to selected directories

Apache web server allows server access based upon various conditions. For example you just want to restrict access to url http://payroll.nixcraft.in/ (mapped to /var/www/sub/payroll directory) from network (within intranet).

Apache provides access control based on client hostname, IP address, or other characteristics of the client request using mod_access module.

Open your httpd.conf file:
# vi /etc/httpd/conf/httpd.confLocate directory section (for example/var/www/sub/payroll) and set it as follows:
<Directory /var/www/sub/payroll/>
Order allow,deny
Allow from
Allow from 127

  • Order allow,deny: The Order directive controls the default access state and the order in which Allow and Deny directives are evaluated. The (allow,deny) Allow directives are evaluated before the Deny directives. Access is denied by default. Any client which does not match an Allow directive or does match a Deny directive will be denied access to the server.
  • Allow from192.168.1.0/24: The Allow directive affects which hosts can access an area of the server (i.e. /var/www/sub/payroll/). Access is only allowed from network and localhost (

Save file and restart apache web server:
# /etc/init.d/httpd restart

See also

🐧 Get the latest tutorials on Linux, Open Source & DevOps via RSS feed or Weekly email newsletter.

🐧 11 comments so far... add one

CategoryList of Unix and Linux commands
Disk space analyzersdf duf ncdu pydf
File Managementcat cp mkdir tree
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Modern utilitiesbat exa
Network UtilitiesNetHogs dig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg glances gtop jobs killall kill pidof pstree pwdx time vtop
Searchingag grep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04
11 comments… add one
  • Nabin Limbu Sep 21, 2008 @ 5:59

    Is there an easy way if I have multiple directories to restrict in different location from one rule instead of having all the above rules repeatedly for all directories.

  • Mauricio Feb 13, 2009 @ 16:45

    You could restrict at DocumentRoot level and then allow only for public directories, but be carefull not to disable valid directories or applications.

  • MyClicker Apr 27, 2011 @ 7:49

    Allow from is not working for me, because I have more than 24 IPs in subnet, so I use
    Allow from

  • Jordi Apr 28, 2011 @ 8:28 allows the IPs from to to access the document. should be invalid…

  • Body Workout Jul 27, 2011 @ 9:42

    What’s the syntax for the .htaccess file, please?

  • Remco Aug 10, 2011 @ 21:15

    order allow,deny
    deny from 123.456.789.0
    deny from 0.987.654.321
    allow from all

    for blocking with .htaccess

  • sundar Dec 7, 2011 @ 5:49

    order deny,allow
    allow from all
    deny from 123.456.789.0
    deny from 0.987.654.321

  • adamster Dec 5, 2013 @ 19:28

    is there a way to do a range of ip addresses?

  • Ramone Burrell May 31, 2015 @ 22:41

    Is there a way to blacklist using a file that has a list of IPs and specify that within the .conf for the particular virtualhost?

  • Benjamin Oct 26, 2015 @ 16:56

    I would like to block access to all the portions of the site, excluding a subdirectory for everyone. Is this possible?

    I would only like for the end user to be able to access http://subdomain.domain.com/directory/
    and block everything else. Right now, I am blocking all 80 port requests with IPTables. I am guessing I would have to remove that rule and apply it on apache. Any hep will be greatly appreciated. Thank you in advance!

  • Vinay Gupta Jun 3, 2016 @ 7:58

    Thanks for great post.

    Is there any way to allow perticular user from one ip address or host in apache.

Leave a Reply

Your email address will not be published.

Use HTML <pre>...</pre> for code samples. Still have questions? Post it on our forum