Ubuntu Apache2 - restrict access by IP address
6,850
If you want to block requests completely from other IP's you can do:
<Directory /var/www/sub/payroll/>
Order deny,allow
deny from all
Allow from 192.168.1.1
</Directory>
It blocks requests from all IP's except the one you specified.
If you want to password promt using .htaccess try this link: http://www.cyberciti.biz/faq/howto-setup-apache-password-protect-directory-with-htaccess-file/
Related videos on Youtube
Author by
Chetan Crasta
Updated on September 18, 2022Comments
-
Chetan Crasta almost 2 years
In Ubuntu 11.04, I'm trying to Allow from IP without password prompt, and also allow from any address with password prompt. But it isn't working. Everyone from the Internet can access the page without the password. If I set simple password authentication (without conditions), it works.
Help!
-
Chetan Crasta almost 12 yearsSome more info: Since .htaccess files are deprecated I edited the /etc/apache2/apache2.conf file
-
nickgrim almost 12 yearsPost the relevant bits of your Apache config, please.
-
Chetan Crasta almost 12 years
<Directory /var/www>
Order deny,allow
Deny from all
AuthName "htaccess password prompt"
AuthUserFile /var/www/.htpasswd
AuthType Basic
Require user xxxxx
Allow from 1xx.xx.xx.120
Satisfy Any
</Directory>
-
Chetan Crasta almost 12 yearsSorry for the missing line breaks. I tried four-space indentation but it didn't work.
-
JM4 almost 12 yearswhat issues are you facing exactly? You state, ""If I set simple password authentication (without conditions), it works.". If it works -what are you trying to resolve? To do what you are looking for, you have to use htaccess and htpasswd files.
-
Chetan Crasta almost 12 yearsI need password authentication with conditions. Users whose IP address is not a specific one need to enter a password. Follow the link in my original post. The technique described there doesn't work for me.
-
-
Chetan Crasta almost 12 yearsNo I don't want to block requests from other IPs completely. They should have access after entering a password. I'd rather not use .htaccess files.
-
Kao almost 12 yearsI think you can put it in the apache2 configuration aswell, if you'd rather want that.
-
Chetan Crasta almost 12 yearsI tried it using .htaccess — still no luck.
-
Chetan Crasta almost 12 yearsIt is not working — Internet users are supposed to get a password prompt. Instead they can view the page without entering the username/password. Form the allowed IP address, access is OK.
-
Kao almost 12 yearsThe link only restricts access to an actual folder. If you need to password protect an URL, that has nothing to do with a folder, you're probably going to have to make it in the software layer ie. using PHP or ASP
-
Chetan Crasta almost 12 yearsI want to restrict access to all files in the folder. BTW, Apache can also protect a single file with this syntax <Files "mypage.html"> Require valid-user </Files> If I don't find a solution to this I'm going to use PHP. But it is a pain to do this for each HTML file and for binary files.
-
Kao almost 12 yearsYou could just include a simple php file that makes the check on all pages, or use a framework or page loader CMS, with a specific rule to request log in, if not from xxx.xxx.xxx.xxx IP.