httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Timothy D Legg" <>
Subject [users@httpd] Best practice for restricting access to exact IP addresses
Date Fri, 01 Dec 2017 10:03:21 GMT

I am wanting to restrict a subdirectory of a website to a single, maybe
two, IP addresses.

I will refer to this documentation:
under the section "Access control by host".

This document suggests that 'Allow', 'Order', and 'Deny' are deprecated,
so I am avoiding using these going forwards.  It decided to exercise this
restriction with mod_authz_host.  I verified that authz_core_module,
authz_host_module, authz_user_module are enabled.

I added these lines inside the <VirtualHost *:443> block:

<Directory /var/www/html/graphs>
	Require ip

But a test revealed I was able to wget graphs/test.html on a different
machine (

I've only read the documentation.  Practically every non-Apache website
still uses Order-Allow-Deny methodologies, so it's still not clear how
this is actually done in practice.  Why did this not work?

Thanks,  Timothy D Legg

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message