A RewriteCond %{REMOTE_ADDR} with a IPv4 catch a IP range. Example:
RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.89
# catch 123.45.67.89
RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.8
# catch 123.45.67.8[0-9]
# or as omit
RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.89
...
Eventually catch it more. I have no further tested. My actuall IP is (similar to the example) "123.45.67.89".
The RewriteCond is for a RewriteRule to rewrite temporary to a maintenance.php. I insert my IP. Only my IP don't rewrite to maintenance.php.
RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.89
RewriteRule . maintenance.php [QSA,NC,L]
RewriteCond %{REMOTE_ADDR} ^123\.45\.67\.89
RewriteRule . index.php [QSA,NC,L]
With use this with IP 123.45.67.89, i becomes the index.php. With use this with IP 123.45.67.8, i becomes the index.php. With use this with IP 123.45.67.890, i becomes the maintenance.php. How can i prevent to catch / omit more than my IP adress? Besides, i have dynamic IP adress. It's possible my IP is 123.45.67.8.
EDIT: thanks to #anubhava.
Solution: ^123\.45\.67\.89$
My actuall IP is (similar to) 123.45.67.89. How can i prevent to catch / omit more than my IP address? Besides, i have dynamic IP address. It's possible my IP is 123.45.67.8
if you want to match only single IP then you will have to hardcode that IP by using
RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.89$
Note that you need to escape dots in your IP address to avoid it matching any character.
Your rules can be like this:
RewriteCond %{REMOTE_ADDR} !^123\.45\.67\.89$
RewriteRule . maintenance.php [L]
RewriteRule . index.php [L]
Related
I use a redirect in .htaccess to redirect any user asking for domain.com/admin to domain.com as follows:
RewriteCond %{REMOTE_ADDR} !^101.101.101.101
RewriteCond %{REQUEST_URI} admin [NC]
RewriteRule ^(.*)$ http://%{HTTP_HOST}/ [R=302,L]
This redirects all visitors other than those coming from the fictional IP address 101.101.101.101 and it works fine.
I want to be able to replace the IP address with a URL like abc.domain.com as the IP address 101.101.101.101 can vary over time and a dynamic DNS has been set up at abc.domain.com to track the updated IP address. Is this possible?
I have tried putting the URL in single quotes, double quotes, etc. to no avail.
Have you tried something like:
RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.from_domain\.com [NC]
RewriteRule ^(.*)$ http://www.to_domain.com/$1 [R=302,L]
Replace this line :
RewriteCond %{REMOTE_ADDR} !^101.101.101.101
With this :
RewriteCond %{HTTP_HOST} !^(www\.)?abc\.domain\.com$
Clear browser cache then test , if it is OK , replace R=302 to R=301 to be permenant redirection.
I need to allow site access to only development team accessing from IPs 111.111.111.111 and 222.222.222.222 and for the rest of the visitors would like to show temporary maintenance page brb.html
I tried this with the following condition and rewrite rule and it got into a redirect loop. Any insights on how to make this work?
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^222\.222\.222\.222
RewriteCond %{REMOTE_ADDR} !^111\.111\.111\.111
RewriteCond %{SCRIPT_FILENAME} !^brb.html
RewriteRule ^.*$ /brb.html [R=307,L]
Note: IPs used above are not the real ones.
You can use:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^(222\.222\.222\.222|111\.111\.111\.111)
RewriteRule !^brb\.html$ /brb.html [R=307,L]
And test in a new browser.
!^brb\.html$ in rewrite rule pattern will stop looping for you.
SOLUTION:
Because of CloudFlare I had to use RewriteCond %{HTTP:X-FORWARDED-FOR} instead of RewriteCond %{REMOTE_ADDR}
We're receiving a DDOS attack from a specific range of IPs (192.168.0-255.0-255). In our htaccess file we've attempted to forward their requests to a static HTML file but only half the requests are being blocked. Does anyone see why that would be?
RewriteCond %{REMOTE_ADDR} ^(10\.0\.0\.1|192\.168\.[0-9]{0,3}\.[0-9]{0,3})$
RewriteCond %{REQUEST_URI} [^/etc/blocked_ip.html]
RewriteRule ^(.*)$ /etc/blocked_ip.html [R=301,L]
and our access logs show:
2014-06-27 11:59:03 192.168.20.232 - 1.2.3.4 443 GET /etc/blocked_ip.html ?
2014-06-27 11:59:08 192.168.20.231 - 1.2.3.4 443 GET /video/832
Note: I've substituted the actual IP ranges with private ranges.
Thanks for any suggestions.
Actually your rewrite condition is incorrect:
RewriteCond %{REQUEST_URI} [^/etc/blocked_ip.html]
Probably you meant:
RewriteCond %{REQUEST_URI} !^/etc/blocked_ip\.html
You rule can be shortened to:
RewriteCond %{REMOTE_ADDR} ^(10\.0\.0\.1|192\.168\.[0-9]{1,3}\.[0-9]{1,3})$
RewriteRule !^etc/blocked_ip\.html$ /etc/blocked_ip.html [R=301,L,NC]
Also make sure this is your very first rule in your .htaccess.
I have a problem, I want to secure the admin panel of my website using .htaccess but its a CGI script.
from WebBrowser it looks like: http://mysite.com/?op=adminpanel
of course its /cgi-bin/index.cgi?op=adminpanel
I've tried with:
<files index.cgi?op=adminpanel>
order deny,allow
deny from all
allow from my.ip.address
</files>
but not working, works when I use <files index.cgi></files> but the whole site got 403 error for everyone except for my ip
now i'm testing with:
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !( my.IP)
RewriteCond %{QUERY_STRING} !(?op=adminpanel)
RewriteRule index.cgi - [F]
any help will be greatly appreciated
Per this article you can do it like this:
Let's say you want to block IP address 123.255.123.255 from accessing the page www.mydomain.com/index.php?option=com_my_special_component. Here is how you could write the rule:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^123\.255\.123\.255
RewriteCond %{QUERY_STRING} option=com_my_special_component [NC]
RewriteRule ^(.*)$ index.php [F,L]
The first line just turns on URL rewriting. The second line matches the IP address (use backslashes before each dot), the third line matches the querystring (ie. anything that comes after the ? in the URL) - in this case it would match if option=com_my_special_component comes anywhere in the URL after the ? (eg. index.php?id=1&option=com_my_special_component&action=dostuff would still match with this rule). The [NC] at the end of that line tells it to apply the rule regardless of whether any of the characters in the URL are uppercase or lowercase. The final line redirects the user to index.php with a 'forbidden' header - so they will get an error message in their browser, and tells mod_rewrite to stop interpreting any further rewrite rules.
If you want to ban multiple IP addresses, you can add new lines for them, but you need to add an [OR] flag to the end of each line except the last one - for example:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^123\.255\.123\.255 [OR]
RewriteCond %{REMOTE_ADDR} ^124\.255\.124\.255 [OR]
RewriteCond %{REMOTE_ADDR} ^125\.255\.125\.255
RewriteCond %{QUERY_STRING} option=com_my_special_component [NC]
RewriteRule ^(.*)$ index.php [F,L]
Since you are block access to an admin page, you probably want to only allow your IP. In that case you would just put an exclamation mark in front of the IP address to say if it's any IP other than this one, then rewrite.
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123\.255\.123\.255
RewriteCond %{REMOTE_ADDR} !^124\.255\.124\.255
RewriteCond %{REMOTE_ADDR} !^125\.255\.125\.255
RewriteCond %{QUERY_STRING} option=com_my_special_component [NC]
RewriteRule ^(.*)$ index.php [F,L]
Hope that helps.
Try this in the .htaccess file :
RewriteEngine On
RewriteCond %{REQUEST_URI} ^/admin
RewriteCond %{REMOTE_ADDR} !=10.0.0.1
RewriteCond %{REMOTE_ADDR} !=10.0.0.2
RewriteCond %{REMOTE_ADDR} !=10.0.0.3
RewriteRule ^(.*)$ - [R=403,L]
if the url begins with /admin and the remote address is not one of the three listed, send the browser on its merry way.
reference : https://www.concrete5.org/community/forums/chat/restrict-urls-starting-with-abc-to-specific-ips-.htaccess-guru
you can change this line (RewriteCond %{REQUEST_URI} ^/admin) to this :
RewriteCond %{REQUEST_URI} .*/admin
for very url contain "/admin".
I have the following htaccess rule I'd like to apply for every IP address apart from mine. I basically want to show a "site is down" page for everyone apart from myself. How is this best achieved?
RewriteEngine on
RewriteCond %{REQUEST_URI} !/indexTEMP.php$
RewriteRule $ /indexTEMP.php [R=307,L]
The Apache variable is REMOTE_ADDR.
Untested but should work:
RewriteEngine on
RewriteCond %{REQUEST_URI} !/indexTEMP.php$
RewriteCond %{REMOTE_ADDR} !^192\.168\.0\.1$
RewriteRule $ /indexTEMP.php [R=307,L]
this applies the rule to every IP except 192.168.0.1.