Score:1

Restrict access to specific http_host with apache 2.4.x .htaccess

I'm wondering if anyone knows how to approach this predicament I am facing using .htaccess.

I have a website that is accessible using 2 different domains. For one of the domains, I want the website to be accessible to a subset of IPs only (about 30 of them). The second domain can be open to anyone.

So for example:

restricted.domainexample.com can only be accessible from IPs 1.1.1.1, 2.2.2.2, 3.3.3.3
www.domainexample.com can be accessible from everyone.

I have the following, but not sure if this will work. Is it along the right path?

RewriteEngine on
RewriteCond %{HTTP_HOST} ^restricted\.domainexample\.com$ [NC]
order deny,allow
deny from all
allow from 123.12.12.12
allow from 123.123.43.43
RewriteRule ^(.*)$ - [F]

Of course www.domainexample.com is untouched here, so that should still have full access by all. Any input and help is greatly appreciated.

ezra-s
Why .htaccess and not just virtualhost? Are you on shared hosting? Because if the answer is no and you are the admin, you are just complicating things. You could just define each virtualhost and specify "Require ip xxx.xxx.xxx.xxx" where necessary.
Score:0

You can't mix mod_rewrite and mod_access_compat (Order, Deny, Allow on Apache 2.4) like this. But you shouldn't be using mod_access_compat anyway on Apache 2.4 - since these directives have been deprecated (hence why they have been moved to mod_access_compat from mod_authz_host).

You don't need mod_rewrite either. You can instead use an Apache <If> expression (requires Apache 2.4) to check the Host header and mod_authz_core. For example:

<If "%{HTTP_HOST} =~ /(?i)^restricted\.domainexample\.com/">
    Require ip 1.1.1.1
    Require ip 2.2.2.2
    Require ip 3.3.3.3
    # etc.
</If>

The block of Require directives is implicitly included in a <RequireAny> container (the default behaviour).

Alternatively, to do this using mod_rewrite only (Apache 2.2+) then you would do it like this instead:

RewriteEngine On

RewriteCond %{HTTP_HOST} ^restricted\.domainexample\.com [NC]
RewriteCond %{REMOTE_ADDR} !=1.1.1.1
RewriteCond %{REMOTE_ADDR} !=2.2.2.2
RewriteCond %{REMOTE_ADDR} !=3.3.3.3
# etc.
RewriteRule ^ - [F]

The logic of the mod_rewrite rule is essentially the opposite of the Require directives in the first example. With the mod_rewrite rule we are blocking access when all the conditions are successful (i.e. when none of the IP addresses match). Whereas in the first example, access is granted when any of the IP addresses match.
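
The decision logic of the two rule sets above, modelled in Python as an added example that is not part of the original answer. It uses the host pattern and IP addresses from the answer; the function names and sample requests are constructed, and it assumes that requests not matching the `<If>` are allowed by configuration elsewhere.

```python
import ipaddress
import re

# Host pattern and addresses taken from the answer's examples.
HOST_RE = re.compile(r"(?i)^restricted\.domainexample\.com")
ALLOWED = ["1.1.1.1", "2.2.2.2", "3.3.3.3"]


def if_require_allows(host: str, remote_addr: str) -> bool:
    """Model of the <If> + Require ip block (implicit <RequireAny>)."""
    if not HOST_RE.search(host):
        return True  # <If> does not apply; assumed open elsewhere
    client = ipaddress.ip_address(remote_addr)
    # RequireAny: access is granted as soon as one Require ip matches.
    return any(client == ipaddress.ip_address(a) for a in ALLOWED)


def rewrite_forbids(host: str, remote_addr: str) -> bool:
    """Model of the RewriteCond chain ending in RewriteRule ^ - [F]."""
    # RewriteCond lines are ANDed: the host must match and REMOTE_ADDR
    # must differ (string comparison, "!=") from every listed address.
    conds = [bool(HOST_RE.search(host))]
    conds += [remote_addr != a for a in ALLOWED]
    return all(conds)


# Constructed sample requests: (Host header, client address).
SAMPLES = [
    ("restricted.domainexample.com", "2.2.2.2"),
    ("restricted.domainexample.com", "9.9.9.9"),
    ("Restricted.DomainExample.COM:8080", "9.9.9.9"),
    ("www.domainexample.com", "9.9.9.9"),
]


def compare():
    """Return (host, ip, allowed_by_if, forbidden_by_rewrite) per sample."""
    return [(h, ip, if_require_allows(h, ip), rewrite_forbids(h, ip))
            for h, ip in SAMPLES]


if __name__ == "__main__":
    for row in compare():
        print(row)
```

For every sample the two models give opposite answers (allowed by one means not forbidden by the other), including the Host value that carries a port and mixed case, which the pattern still matches because it is case-insensitive and not anchored at the end.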
