httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Timothy D Legg" <apa...@timothylegg.com>
Subject [users@httpd] Best practice for restricting access to exact IP addresses
Date Fri, 01 Dec 2017 10:03:21 GMT
Hello,

I am wanting to restrict a subdirectory of a website to a single, maybe
two, IP addresses.

I will refer to this documentation:
   httpd.apache.org/docs/current/howto/access.html
under the section "Access control by host".

This document suggests that 'Allow', 'Order', and 'Deny' are deprecated,
so I am avoiding using these going forwards.  It decided to exercise this
restriction with mod_authz_host.  I verified that authz_core_module,
authz_host_module, authz_user_module are enabled.

I added these lines inside the <VirtualHost *:443> block:

<Directory /var/www/html/graphs>
	Require ip 192.168.40.80
</Directory>

But a test revealed I was able to wget graphs/test.html on a different
machine (192.168.40.81).

I've only read the documentation.  Practically every non-Apache website
still uses Order-Allow-Deny methodologies, so it's still not clear how
this is actually done in practice.  Why did this not work?

Thanks,  Timothy D Legg


---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message