Lighttpd restrict or deny access by IP address

Posted on in Categories Howto, lighttpd, Linux, News, Security, UNIX last updated December 12, 2006
Lighttpd logo

So how do you restrict or deny access by IP address using Lighttpd web server?

Lighttpd has mod_access module. The access module is used to deny access to files with given trailing path names. You need to combine this with remoteip conditional configuration. Syntax is as follows:

$HTTP[“remoteip”] == “IP” : Match on the remote IP
$HTTP[“remoteip”] !~ “IP1|IP2” : Do not match on the remote IP (perl style regular expression not match)
$HTTP[“remoteip”] =~ “IP1|IP2” : Match on the remote IP (perl style regular expression match)

Task: Match on the remote IP

For example block access to http://theos.in/stats/ url if IP address is NOT 192.168.1.5 and 192.168.1.10 (restrict access to these 2 IPs only):

Open /etc/lighttpd/lighttpd.conf file
# vi /etc/lighttpd/lighttpd.conf
Append following configuration directive:

$HTTP["remoteip"] !~ "200.19.1.5|210.45.2.7" {
    $HTTP["url"] =~ "^/stats/" {
      url.access-deny = ( "" )
    }
 }

Save and restart lighttpd:
# /etc/init.d/lighttpd restart

Task: Block single remote IP

Do not allow IP address 202.54.1.1 to access our site:

$HTTP["remoteip"] == "202.54.1.1" {
       url.access-deny = ( "" )
  }

Do not allow IP address 202.54.1.1,202.54.2.5 to access our site:
Do not allow IP address 202.54.1.1 to access our site:

$HTTP["remoteip"] =~ "202.54.1.1|202.54.2.5" {
       url.access-deny = ( "" )
  }

See also

=> Lighttpd deny access to certain files

Configure lighttpd alias (mod_alias)

Posted on in Categories Howto, lighttpd, Linux, UNIX last updated July 25, 2006

This lighttpd module provides for mapping different parts of the host filesystem in the document tree. You can use it for mapping various directories. For example cgi-bin directory mapped to /var/lib/cgi-bin. The alias module is used to specify a special document-root for a given url-subset.

Configuration

Open your lighttpd configuration file:
vi /etc/lighttpd/lighttpd.conf

Append/add mod_ alias to list of server modules:
server.modules += ( "mod_alias" )

Examples

Add cgi-bin alias for doamin theos.in
alias.url = ( "/cgi-bin/" => "/home/lighttpd/theos.in/cgi-bin/" )

Browse all documents installed at /usr/share/doc/ directory with following alias:
alias.url = ( "/docs/" => "/usr/share/doc/" )
alias.url += ( "/stats/" => "/home/theos.in/http/webalizer/" )

Open a browser and type url http://theos.in/docs/ or http://your-domain.com/docs/