Apache web server allows server access based upon various conditions. For example you just want to restrict access to url http://payroll.nixcraft.in/ (mapped to /var/www/sub/payroll directory) from 192.168.1.0/24 network (within intranet).
ADVERTISEMENTS
Apache provides access control based on client hostname, IP address, or other characteristics of the client request using mod_access module.
Open your httpd.conf file:
# vi /etc/httpd/conf/httpd.confLocate directory section (for example/var/www/sub/payroll) and set it as follows:
<Directory /var/www/sub/payroll/>
Order allow,deny
Allow from 192.168.1.0/24
Allow from 127
</Directory>
- Order allow,deny: The Order directive controls the default access state and the order in which Allow and Deny directives are evaluated. The (allow,deny) Allow directives are evaluated before the Deny directives. Access is denied by default. Any client which does not match an Allow directive or does match a Deny directive will be denied access to the server.
- Allow from192.168.1.0/24: The Allow directive affects which hosts can access an area of the server (i.e. /var/www/sub/payroll/). Access is only allowed from network 192.168.1.0/24 and localhost (127.0.0.1).
Save file and restart apache web server:
# /etc/init.d/httpd restart
See also
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
- RSS feed or Weekly email newsletter
- Share to Twitter • Facebook • 11 comments... add one ↓
UP NEXT
Explain: Linux and UNIX TCP Wrappers - Find Out If a Program Is Compiled With TCP Wrappers
How to find disk I/O latency with ioping monitoring tool on Linux
How to install and use Monit on Ubuntu/Debian Linux server as process supervision tool
Linux and Unix dig Command Examples- How To Set Up PF Firewall on FreeBSD to Protect a Web Server
How to install PHP 7 on Debian Linux 8.7/7.x [jessie/wheezy]- Postfix Backup MX eMail Server Anti-Spam Configuration
| Category | List of Unix and Linux commands |
|---|---|
| File Management | cat |
| Firewall | CentOS 8 • OpenSUSE • RHEL 8 • Ubuntu 16.04 • Ubuntu 18.04 • Ubuntu 20.04 |
| Network Utilities | dig • host • ip • nmap |
| OpenVPN | CentOS 7 • CentOS 8 • Debian 10 • Debian 8/9 • Ubuntu 18.04 • Ubuntu 20.04 |
| Package Manager | apk • apt |
| Processes Management | bg • chroot • cron • disown • fg • jobs • killall • kill • pidof • pstree • pwdx • time |
| Searching | grep • whereis • which |
| User Information | groups • id • lastcomm • last • lid/libuser-lid • logname • members • users • whoami • who • w |
| WireGuard VPN | CentOS 8 • Debian 10 • Firewall • Ubuntu 20.04 |
Is there an easy way if I have multiple directories to restrict in different location from one rule instead of having all the above rules repeatedly for all directories.
You could restrict at DocumentRoot level and then allow only for public directories, but be carefull not to disable valid directories or applications.
Allow from 192.168.1.0/24 is not working for me, because I have more than 24 IPs in subnet, so I use
Allow from 192.168.1.0/120
192.168.1.0/24 allows the IPs from 192.168.1.0 to 192.168.1.255 to access the document. 192.168.1.0/120 should be invalid…
What’s the syntax for the .htaccess file, please?
order allow,deny
deny from 123.456.789.0
deny from 0.987.654.321
allow from all
for blocking with .htaccess
order deny,allow
allow from all
deny from 123.456.789.0
deny from 0.987.654.321
is there a way to do a range of ip addresses?
Is there a way to blacklist using a file that has a list of IPs and specify that within the .conf for the particular virtualhost?
I would like to block access to all the portions of the site, excluding a subdirectory for everyone. Is this possible?
I would only like for the end user to be able to access http://subdomain.domain.com/directory/
and block everything else. Right now, I am blocking all 80 port requests with IPTables. I am guessing I would have to remove that rule and apply it on apache. Any hep will be greatly appreciated. Thank you in advance!
Thanks for great post.
Is there any way to allow perticular user from one ip address or host in apache.