How do I set up Apache to only allow local devices to connect to my website/app?
Solution 1
Allow, Satisfy and related directives have been deprecated, and they only still work for backwards compatibility as part of the module mod_access_compat.
The new way is using the module mod_authz_host and the Require directives.
Mixing the two is discouraged. Quoting this official source:
"The Allow, Deny, and Order directives, provided by mod_access_compat, are deprecated and will go away in a future version. You should avoid using them, and avoid outdated tutorials recommending their use."
If you want to restrict to local network, you can do something like
<Directory /var/www/ncp-web/>
Require host localhost
Require ip 127.0.0.1
Require ip 192.168
Require ip 10
</Directory>
Remove all Allow directives.
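An added example, not part of the original answer: a small Python audit that scans an Apache config for the deprecated mod_access_compat directives named above, for Require lines that give a bare address without a provider keyword such as ip, and for files that use both access models at once. The sample config, its paths and the finding codes are constructed for illustration.

```python
import ipaddress
# Directives provided by mod_access_compat (deprecated in Apache 2.4).
LEGACY = {"order", "allow", "deny", "satisfy"}

# Constructed sample config; the paths and rules are illustrative only.
SAMPLE = """\
<Directory "/var/www/app/">
    AllowOverride None
    Order deny,allow
    Allow from all
    Require 192.168.0.1/24
</Directory>
<Directory "/var/www/other/">
    Require local
    Require ip 192.168 10
</Directory>
"""

def looks_like_address(token):
    """True if token parses as an IP address or CIDR network."""
    try:
        ipaddress.ip_network(token, strict=False)
        return True
    except ValueError:
        return False

def audit_access_config(text):
    """Return (line_no, code, detail) findings for one config file."""
    findings, legacy_seen, require_seen = [], False, False
    for no, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        if not words or words[0].startswith(("#", "<")):
            continue
        name = words[0].lower()
        if name in LEGACY:
            legacy_seen = True
            findings.append((no, "legacy-directive", raw.strip()))
        elif name == "require":
            require_seen = True
            args = [w for w in words[1:] if w.lower() != "not"]
            # "Require 10.0.0.0/8" lacks the provider keyword ("ip").
            if args and looks_like_address(args[0]):
                findings.append((no, "require-missing-provider", raw.strip()))
    if legacy_seen and require_seen:  # whole-file check, line 0 = file level
        findings.append((0, "mixed-access-models", "Require mixed with Order/Allow/Deny"))
    return findings

if __name__ == "__main__":
    for finding in audit_access_config(SAMPLE):
        print(finding)
```

The mixing check is per file rather than per section, so a finding on line 0 means the file as a whole needs review.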
Solution 2
You can use the Listen directive to accept connections on two specified interfaces and port numbers.
Change ports.conf so that it contains:
Listen 127.0.0.1:80
Listen 127.0.0.1:8000
Refer to this link for detailed info: http://httpd.apache.org/docs/2.0/mod/mpm_common.html#listen
{OR}
in your site-enabled site.
Should limit apache serving to anyone but localhost for anything under
Order Deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128
Solution 3
Just create a VirtualHost restricting the access to it in your apache configuration. This is a sample:
<VirtualHost *:80>
DocumentRoot "/var/www/"
ServerName www.example.com
<Directory "/var/www/">
Options Indexes FollowSymLinks
AllowOverride all
Order deny,allow
Allow from all
# Require needs a provider keyword (here: ip) before the address
Require ip 192.168.0.1/24
</Directory>
</VirtualHost>
The Require directive provides a variety of different ways to allow or deny access to resources. In my sample, it restricts the access for the subnet 192.168.0.1/24 only.
Pav Dis
Updated on September 18, 2022
Comments
- Pav Dis almost 2 years
Hey guys, I'm really new to this, please forgive me if I butcher all the terminology. I've managed to get a LAMP server running for my small business and have created a small webapp that runs on the server. How do I configure Apache to only allow other devices in the same network to connect and restrict access for everyone else? Is what I'm trying to achieve called an Intranet server? If so, what are the security aspects I should be aware of?
Thanks in advance! I'm looking forward to learning from you guys.
- Organic Marble over 8 years: You could configure your router to block incoming connection attempts to your server.
- Pav Dis over 8 years: Is there a way to achieve this via Apache or is it better to just block it via router?
- Organic Marble over 8 years: I'm no expert but on my system I had to forward port 80 in my router to the webserver computer to allow requests from the internet to reach it. I would think that if you block incoming requests on port 80 (or don't forward it) then the internet can't reach your webserver (assuming it is listening on port 80). But someone smarter will likely post a definite answer.
- Pav Dis over 8 years: Thanks, I will try that for now. But I will definitely keep an eye out for a more definitive answer.
- Anders over 8 years: It actually depends on what you want to allow and deny on your server. If you don't want any access at all, just set up a firewall on the server and block any access except from your LAN to port 80. You can also block in your router's firewall. It all depends on what your network looks like. If you want to allow some access, you have to allow access from all machines to your web server and then block access in Apache, as Tung Tran has shown you. Security aspects? What if someone misconfigures something, or there is a bug in the software?