Complex Apache Limit/SetEnvIf, allow all from domain except for IP - .htaccess

I have the following .htaccess:
<Limit GET POST>
SetEnvIf Host www.livedomain.com allow
SetEnvIf Remote_Addr 1.1.1.1 allow
SetEnvIf Remote_Addr 2.2.2.2 allow
SetEnvIf Remote_Addr 3.3.3.3 allow
Order deny,allow
Deny from all
Allow from env=allow
</Limit>
This .htaccess is used on two domains. On www.livedomain.com I want everyone to have access. On www.stagingdomain.com I only want the IPs 1.1.1.1, 2.2.2.2, 3.3.3.3 to have access.
This works fine.
Now, on the live site, I want to make a change to allow everyone except one IP (let's say 9.9.9.9).
I've tried doing something like this:
<Limit GET POST>
SetEnvIf Host www.livedomain.com allow
SetEnvIf Remote_Addr 9.9.9.9 deny
SetEnvIf Remote_Addr 1.1.1.1 allow
SetEnvIf Remote_Addr 2.2.2.2 allow
SetEnvIf Remote_Addr 3.3.3.3 allow
Order deny,allow
Deny from all
Allow from env=allow
</Limit>
But this doesn't work. I would have thought the env variable was overwritten with 'deny' and then the final Allow statement wouldn't apply. Is this not the case?
What's the simplest way to allow everyone from the one domain except one IP in this case?

You should use !varname to unset or remove an already defined variable:
<Limit GET POST>
SetEnvIf Host www.livedomain.com allow
SetEnvIf Remote_Addr 9.9.9.9 !allow
SetEnvIf Remote_Addr 1.1.1.1 allow
SetEnvIf Remote_Addr 2.2.2.2 allow
SetEnvIf Remote_Addr 3.3.3.3 allow
Order deny,allow
Deny from all
Allow from env=allow
</Limit>
Read more about SetEnvIf here

My conf looks a bit different but works as expected:
SetEnvIf Host staging.mydomain.tld passreq
SetEnvIf Remote_Addr 1.1.1.1 !passreq
AuthType Basic
AuthName "Password Required"
AuthUserFile /home//html/.htpasswd
Require valid-user
Order allow,deny
Allow from all
Deny from env=passreq
Satisfy any
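
A small model of the evaluation order discussed in this thread, added here as an example and not code from any of the posters. It applies the SetEnvIf lines in file order with unanchored regex matching, and shows why setting a second variable named deny changes nothing, why the position of !allow matters, and what escaping and anchoring the address patterns changes. The function names, the HARDENED variant and the request addresses other than those in the thread are assumptions constructed for the example.

```python
import re

def setenvif_env(directives, request):
    """Apply (attribute, regex, token) directives in file order, as SetEnvIf does.

    A token starting with '!' removes that variable; any other token sets it.
    re.search is used, so a pattern is unanchored unless it anchors itself.
    """
    env = set()
    for attribute, pattern, token in directives:
        if re.search(pattern, request.get(attribute, "")):
            if token.startswith("!"):
                env.discard(token[1:])
            else:
                env.add(token)
    return env

def allowed(directives, request):
    """Order deny,allow + Deny from all + Allow from env=allow."""
    return "allow" in setenvif_env(directives, request)

def req(host, ip):
    return {"Host": host, "Remote_Addr": ip}

def exact(ip):
    """Escaped, anchored pattern for one address (hardening assumed by this example)."""
    return "^" + re.escape(ip) + "$"

LIVE, STAGING = "www.livedomain.com", "www.stagingdomain.com"
HOST = ("Host", "www.livedomain.com", "allow")
IPS = ("1.1.1.1", "2.2.2.2", "3.3.3.3")
STAGING_IPS = [("Remote_Addr", ip, "allow") for ip in IPS]

QUESTION = [HOST, ("Remote_Addr", "9.9.9.9", "deny")] + STAGING_IPS    # sets a 2nd variable
ANSWER = [HOST, ("Remote_Addr", "9.9.9.9", "!allow")] + STAGING_IPS    # unsets allow
REORDERED = [("Remote_Addr", "9.9.9.9", "!allow"), HOST] + STAGING_IPS # Host re-sets allow
HARDENED = ([HOST, ("Remote_Addr", exact("9.9.9.9"), "!allow")]
            + [("Remote_Addr", exact(ip), "allow") for ip in IPS])

if __name__ == "__main__":
    # Constructed requests: the blocked IP, plus two addresses that only
    # match because the posted patterns are unescaped and unanchored.
    cases = [req(LIVE, "9.9.9.9"), req(LIVE, "19.9.9.90"), req(STAGING, "111.111.5.5")]
    for name, cfg in [("question", QUESTION), ("answer", ANSWER),
                      ("reordered", REORDERED), ("hardened", HARDENED)]:
        print(name, [allowed(cfg, r) for r in cases])
```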


Deny countries exclude specific directory

I block users from specific countries with this:
<Limit GET POST HEAD>
order allow,deny
deny from 193.34.36.0/22
deny from 193.58.216.0/21
deny from 193.164.220.0/23
deny from 194.42.216.0/24
deny from 195.42.132.0/23
deny from 195.66.102.0/24
deny from 195.66.132.0/23
deny from 195.190.24.0/24
deny from 195.200.84.0/23
deny from 195.216.225.0/24
.......
allow from all
</Limit>
<FilesMatch "blockPage\.php|main\.css|logo\.png">
allow from all
</FilesMatch>
ErrorDocument 403 /blockPage.php
This code redirects to the page "blockPage.php" when you are a user from these countries.
In this htaccess I have a redirect like this:
RewriteRule ^points/?$ main.php?mode=points [QSA,L]
I want all the blocked countries not to be denied pages in the "points" directory
(points is not a real directory, it's only an htaccess redirect).
Actually, when mode=points, don't deny the user.
Thanks a lot

.htaccess allow from REMOTE_HOST

I'm trying to set up an .htaccess file that will restrict access to a specific file, unless the request has come from the same server.
Here's what I expected to work (but it doesn't seem to):
<Files /some/secret/cron.php>
Order deny,allow
Deny from all
Allow from %{REMOTE_HOST}
</Files>
In this instance I can't just hard code in the IP address of the server, as it changes/rolls over to other servers throughout the day.
You cannot use %{REMOTE_HOST} in Allow from. Use it in a mod_rewrite rule like this:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !=11.22.33.44
RewriteRule cron\.php$ - [F,NC]
Replace 11.22.33.44 by your IP address.
You might try this
SetEnvIf Remote_Addr 127.0.0.1 Allowed=1
# <Files> matches the file's basename, not a path; place this .htaccess in the file's directory
<Files "cron.php">
Order deny,allow
Deny from All
Allow from env=Allowed
</Files>

how to block ip address of country

I have the following code to block a single IP address in htaccess and it works fine
SetEnvIF X-Forwarded-For 182.65.209.192 DenyIP
Order allow,deny
Deny from env=DenyIP
Allow from all
Now I want to block a country's IP addresses from visiting my site.
I tried this but it doesn't work
SetEnvIF X-Forwarded-For 37.230.192.0/19 DenyIP
and
SetEnvIF X-Forwarded-For 37.230.192.[0-19] DenyIP
instead of
SetEnvIF X-Forwarded-For 182.65.209.192 DenyIP
How do I block an IP range or subnet (for example 37.230.192.0/19)?
SetEnvIf uses regex:
http://httpd.apache.org/docs/current/en/mod/mod_setenvif.html#setenvif
You can use:
SetEnvIF X-Forwarded-For ^37\.230\.192\.[01][0-9]?$ DenyIP
You can't match against CIDR address ranges, you need to use a regular expression. You want something like this:
SetEnvIF X-Forwarded-For 37\.230\.(19[2-9]|2[01][0-9]|22[0-3])\.[0-9]+ DenyIP
SetEnvIf Remote_Addr 37\.230\.(19[2-9]|2[01][0-9]|22[0-3])\.[0-9]+ DenyIP
SetEnvIF X-Forwarded-For 37\.230\.2[23][0-9]\.[0-9]+ DenyIP
SetEnvIf Remote_Addr 37\.230\.2[23][0-9]\.[0-9]+ DenyIP
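
A check of the regexes from the two answers against the range in the question, added here as an example and not code from either poster. It enumerates 37.230.192.0/19 to count addresses a pattern misses and tests a few constructed addresses just outside the range for over-matching; the ANCHORED pattern, the function names and the probe addresses are assumptions of this example.

```python
import ipaddress
import re

CIDR = ipaddress.ip_network("37.230.192.0/19")   # range from the question

# Patterns as posted in the two answers, plus an anchored variant added here.
FIRST_ANSWER = r"^37\.230\.192\.[01][0-9]?$"
SECOND_ANSWER = r"37\.230\.(19[2-9]|2[01][0-9]|22[0-3])\.[0-9]+"
ANCHORED = r"^37\.230\.(19[2-9]|2[01][0-9]|22[0-3])\.[0-9]{1,3}$"

# Constructed probe addresses that are all outside the /19.
PROBES = ["37.230.191.255", "37.230.224.0", "137.230.200.1", "237.230.192.7"]

def missed(pattern, net=CIDR):
    """Count addresses inside the network that the regex fails to match."""
    rx = re.compile(pattern)
    return sum(1 for ip in net if not rx.search(str(ip)))

def overmatched(pattern, probes=PROBES, net=CIDR):
    """Return probe addresses outside the network that the regex still matches."""
    rx = re.compile(pattern)
    return [p for p in probes
            if ipaddress.ip_address(p) not in net and rx.search(p)]

if __name__ == "__main__":
    for name, pattern in [("first answer", FIRST_ANSWER),
                          ("second answer", SECOND_ANSWER),
                          ("anchored", ANCHORED)]:
        print(f"{name}: missed {missed(pattern)} of {CIDR.num_addresses}, "
              f"over-matched {overmatched(pattern)}")
```

The same check applies to any hand-written range regex before it goes into SetEnvIf: zero missed addresses and an empty over-match list are the two properties a CIDR translation has to keep.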

Block IP ranges and redirect using htaccess file

Hi, I'm trying to block people from a particular country from viewing my website and I tried this:
ErrorDocument 403 http://somewebsite/forbidden.html
<Limit GET HEAD POST>
order allow,deny
deny from 41.66.192.0/18
deny from 41.74.80.0/20
deny from 41.75.48.0/20
deny from 41.76.24.0/21
deny from 41.77.64.0/21
deny from 41.78.40.0/22
deny from 41.78.124.0/22
deny from 41.78.144.0/22
deny from 41.79.84.0/22
deny from 41.93.128.0/17
deny from 41.139.0.0/18
deny from 41.189.128.0/19
deny from 41.190.68.0/22
deny from 41.190.88.0/22
deny from 41.191.96.0/22
deny from 41.191.240.0/21
deny from 41.202.0.0/19
deny from 41.204.32.0/19
deny from 41.210.0.0/18
deny from 41.211.0.0/19
deny from 41.215.160.0/20
deny from 41.218.192.0/18
deny from 41.220.48.0/20
deny from 41.222.232.0/22
deny from 80.87.64.0/19
deny from 192.251.202.0/24
deny from 193.108.23.0/24
deny from 193.108.28.0/24
deny from 193.194.128.0/24
deny from 193.194.160.0/19
deny from 196.1.116.0/23
deny from 196.1.118.0/24
deny from 196.1.137.0/24
deny from 196.3.64.0/24
deny from 196.29.96.0/19
deny from 196.29.224.0/20
deny from 196.43.194.0/24
deny from 196.43.196.0/24
deny from 196.43.206.0/23
deny from 196.44.48.0/20
deny from 196.44.96.0/19
deny from 196.46.80.0/20
deny from 196.201.2.0/24
deny from 196.201.32.0/19
deny from 196.201.160.0/19
deny from 196.216.180.0/22
deny from 196.216.188.0/22
deny from 197.220.160.0/19
deny from 197.221.64.0/19
deny from 197.253.64.0/18
deny from 197.255.64.0/18
deny from 212.85.192.0/19
deny from 212.96.0.0/19
#
allow from all
</Limit>
The issue is that I am having a redirect loop.
Based on my research, mod_rewrite would do the trick, but I am quite new to htaccess mod_rewrite. Can anyone help?
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^196\.43\.194\. [OR]
RewriteCond %{REMOTE_ADDR} ^41\.78\.144\. [OR]
RewriteCond %{REMOTE_ADDR} ^212\.96\.
RewriteRule . - [F,L]
</IfModule>
It isn't supposed to work for exact subnets though. If this is a server you administer, other solutions like mod_geoip are the way to go.

Allow directory listing only for a IP

I've activated directory listing with this line in the .htaccess:
Options +Indexes
How can I limit this to only one IP address while keeping access to all files/directories for everyone (every IP)?
Not tested:
allow from all
Options -Indexes
<Files *>
deny from all
allow from 195.112.15.4
Options +Indexes
</Files>
This way the Options +Indexes will be valid only for IP 195.112.15.4
I know this is an old thread but as I have just found something that seems to work, I've decided to share it here.
Adding this seems to do the trick:
<Files .>
Order Deny,Allow
Deny From All
Allow From 195.112.15.4
</Files>
This is what I got working for me, this is the .htaccess inside the folder I don't want everyone to be able to list, but if I give them a link to a file inside it, I want anyone (all) to be able to download the link.
allow from all
Options -Indexes
<Files *>
deny from all
allow from all
Options -Indexes
</Files>
<Files .>
Order Deny,Allow
Deny From All
Allow From xx.xx.xx.xx
# put the IP you want to allow indexing for above here
Options +Indexes
</Files>
tested
Supposing "index.html" is the one configured as your DirectoryIndex, and XX.XX.XX.XX is your IP address, simply put these lines:
<FilesMatch "index.html">
Order deny,allow
Deny from all
allow from XX.XX.XX.XX
</FilesMatch>
