Restrict access to IP address range


Solution 1

The solution was that I accessed the website via localhost/path/to/site rather than 1.2.70.59/path/to/site. Once I changed that, it worked.

Solution 2

First off, are you adding these directives in an .htaccess file or a config file? If the latter, then you need to restart Apache.

Secondly, do you have mod_authz_host enabled? In your httpd.conf, there should be a line like:

LoadModule authz_host_module modules/mod_authz_host.so

Lastly, are you sure it's not working? I.e. are you testing the right path/server? Are you sure a rewrite rule or custom error page isn't making it look like you've gained access to the page even though you're being shown a different page? Also, what's not working? Is it giving access to external IPs or denying access to internal IPs?

Clear your access log (delete the file), restart the server, and test the URL once more; then look at the access log and see what IP address was recorded and what response code was given.

There are other ways of doing it (e.g. via mod_rewrite or SetEnvIf/Allow from env=), but what you're doing should work.
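The two checks this answer recommends (does the client address actually fall inside the `Allow from` range, and what client IP and response code did the access log record) can be modelled in a few lines. The following Python is an added example, not part of the original answers or of Apache itself: it reproduces the documented Apache 2.2 `mod_authz_host` matching rules for full, partial (`1.2`), address/netmask and CIDR forms, evaluates an `Order deny,allow` / `Deny from all` / `Allow from ...` ruleset, and parses Common Log Format lines. The two log lines are constructed, and `localhost` is assumed to mean any loopback address (real Apache resolves hostnames through DNS).

```python
import ipaddress
import re


def allow_from_matches(rule, client_ip):
    """Model of one 'Allow from <rule>' (or 'Deny from <rule>') test.

    Forms handled, as documented for Apache 2.2 mod_authz_host: a full address,
    a partial dotted address ('1.2' means 1.2.0.0/16), address/netmask
    ('1.2.0.0/255.255.0.0') and CIDR ('1.2.0.0/16').  The hostname form is
    modelled only for 'localhost', assumed here to mean any loopback address.
    """
    ip = ipaddress.ip_address(client_ip)
    if rule == "localhost":
        return ip.is_loopback
    if "/" in rule:
        # ipaddress accepts both CIDR prefixes and dotted netmasks for IPv4.
        return ip in ipaddress.ip_network(rule, strict=False)
    octets = rule.split(".")
    if len(octets) < 4:
        # Partial address: each given octet contributes 8 bits to the prefix.
        net = ".".join(octets + ["0"] * (4 - len(octets)))
        return ip in ipaddress.ip_network(f"{net}/{8 * len(octets)}", strict=False)
    # A literal 127.0.0.1 never matches an IPv6 client such as ::1.
    return ip == ipaddress.ip_address(rule)


def access_decision(client_ip, allow_rules, deny_rules=("all",), order="deny,allow"):
    """Decide 'allow' or 'deny' the way Apache 2.2 Order/Allow/Deny does.

    'all' matches every client.  With Order deny,allow the Deny list is evaluated
    first and a matching Allow wins; clients matching neither are allowed.  With
    Order allow,deny the Allow list is evaluated first and a matching Deny wins;
    clients matching neither are denied.
    """
    allowed = any(r == "all" or allow_from_matches(r, client_ip) for r in allow_rules)
    denied = any(r == "all" or allow_from_matches(r, client_ip) for r in deny_rules)
    if order == "deny,allow":
        return "allow" if allowed or not denied else "deny"
    if order == "allow,deny":
        return "allow" if allowed and not denied else "deny"
    raise ValueError(f"unsupported Order: {order}")


# Constructed Common Log Format lines: one request arriving over the loopback
# address and one from the LAN address quoted in the question.
SAMPLE_ACCESS_LOG = """\
127.0.0.1 - - [18/Sep/2022:10:00:01 +0000] "GET /path/to/site/ HTTP/1.1" 403 199
1.2.70.59 - - [18/Sep/2022:10:00:07 +0000] "GET /path/to/site/ HTTP/1.1" 200 5123
"""

CLF_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')


def summarise_log(text):
    """Return (client_ip, status) pairs from Common Log Format lines."""
    hits = []
    for line in text.splitlines():
        m = CLF_RE.match(line)
        if m:
            hits.append((m.group(1), int(m.group(2))))
    return hits


# The ruleset from the question: everything denied except the 1.2.0.0/16 LAN.
QUESTION_RULESET = {
    "allow_rules": ["1.2.0.0/255.255.0.0"],
    "deny_rules": ["all"],
    "order": "deny,allow",
}


def audit(log_text, **ruleset):
    """Pair each logged (client_ip, status) with what the ruleset should decide."""
    return [(ip, status, access_decision(ip, **ruleset))
            for ip, status in summarise_log(log_text)]


if __name__ == "__main__":
    for ip, status, expected in audit(SAMPLE_ACCESS_LOG, **QUESTION_RULESET):
        print(f"{ip:>12}  logged {status}  ruleset says {expected}")
```

Run as a script it shows why the question's ruleset behaves as observed: a request that reaches the server as 127.0.0.1 matches none of `1.2`, `1.2.0.0/16` or `1.2.0.0/255.255.0.0` and so falls through to `Deny from all`, while 1.2.70.59 matches all three. The loopback handling also shows the difference between the hostname and literal forms: a client on `::1` satisfies the assumed `localhost` rule but not a literal `127.0.0.1`.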


Author: Konrad Rudolph

Updated on September 18, 2022

Comments

  • Konrad Rudolph
    Konrad Rudolph over 1 year

    I’m trying to restrict access to a web resource to the intranet of a company via .htaccess. Unfortunately, the approach via Allow from … isn’t working for me and I don’t understand subnets well enough to troubleshoot the issue.

    My IP address is (replaced the first two blocks for privacy) 1.2.70.59, the netmask is given by ifconfig as 0xffff0000, i.e. 255.255.0.0. I’ve used an IP address calculator to get the subnet from this.

    An answer on Stack Overflow led me to believe that the following should work:

    Order deny,allow
    Deny from all
    Allow from 1.2.0.0/255.255.0.0
    

    Or, using CIDR (only showing the last line):

    Allow from 1.2.0.0/16
    

    Neither works. Nor does the following work, as implied by an answer on this very site:

    Allow from 1.2
    

    In fact, not even the following works:

    Allow from 127.0.0.1
    

    But this does work:

    Allow from localhost
    

    Although I thought these two to be equivalent. Clearly, I have a gap in my understanding.

    For completeness, this is the output of ifconfig | grep inet[^6]:

    inet 127.0.0.1 netmask 0xff000000 
    inet 1.2.70.59 netmask 0xffff0000 broadcast 1.2.255.255
    

    What am I doing wrong?

  • Konrad Rudolph
    Konrad Rudolph about 12 years
    Actually, I want the opposite – block from everywhere except from a given range. The question is how I specify the range, since my approaches of notating the subnet don’t work.
  • ionFish
    ionFish about 12 years
    Then do: order deny,allow and do allow from 127.0.0.1 and such. Just switch the allows and denies.
  • Konrad Rudolph
    Konrad Rudolph about 12 years
    But that’s exactly what I’m already doing, and it’s not working.
  • ionFish
    ionFish about 12 years
    In your httpd.conf, is there a line saying allow-override none, specifically near an IP-restricting code like in my post? If so, change to "allow-override all"
  • Konrad Rudolph
    Konrad Rudolph about 12 years
    No. Otherwise, Allow from localhost wouldn’t work either.
  • ionFish
    ionFish about 12 years
    I meant, the .htaccess is really just an override from the httpd.conf, if you don't allow any overrides then .htaccess won't work right. I'm sorry I can't be of more help.
  • Konrad Rudolph
    Konrad Rudolph about 12 years
    True but I definitely allow overrides. I actually succeed in overriding access – otherwise I couldn’t deny access (but I can), nor allow access for localhost (but I can). It just doesn’t work for IP addresses.
  • ionFish
    ionFish about 12 years
    I've never had that happen before, maybe someone else will post.
  • Konrad Rudolph
    Konrad Rudolph about 12 years
    Actually I’m already using SetEnvIf for a different purpose since I only want to restrict access to a single (non-physical) resource and I don’t have write access to the server’s httpd.conf so I cannot use <Location>. Now, the solution of the puzzle is that I was using the wrong IP address to access the server – via localhost rather than my local network.
  • Lèse majesté
    Lèse majesté about 12 years
    @Konrad: Fairly common mistake. That's why it's always worth the effort to check the access logs.
  • Konrad Rudolph
    Konrad Rudolph about 12 years
    I’d love to. Unfortunately I don’t have access to it. :-( The server configuration is irking me more and more … Apache 1, PHP 5.0 (full of bugs) …