I have a htaccess file with following code when trying to block an IP:
DirectoryIndex index.php index.html
ErrorDocument 404 /errors.php
Order Allow,Deny
Deny from 188.143.232.
Allow from all
Blocking my own IP works when browsing www.example.com, but it does not block for anything else (like www.example.com/index.php or www.example.com/home, ....). The htaccess is located in the same directory as index.php (httpdocs folder).
How can I get it to work?
You can also use a mod-rewrite based ip-blocking to block unwanted ip(s) :
RewriteEngine on
#--if client ip==188.143.232
RewriteCond %{REMOTE_ADDR} ^188\.143\.232
#--forbid the request
RewriteRule ^ - [F,L]
Related
Let me start by saying I am new to creating an htaccess file. I want to deny certain IPs from access to our site. I created this and I am looking for validation that this is correct. I know that there is no advanced redirect page within this as I am not sure how to accomplish that yet. I am more concerned that this snippet would work to block IPs. Thanks in advance for any and all help.
#.htaccess
DirectoryIndex index.htm
#deny list
order allow,deny
allow from all
deny from xxx.xxx.xxx.xxx
deny from yyy.yyy.yyy.yyy
Looks good to me, assuming you're on Apache 2.2 To block individual visitors, you can use the following directives:
Order Allow,Deny
Allow from all
Deny from 123.123.123.123
Instead of blocking visitors, you can redirect them to another location. Here's how to do it using Apache's mod_rewrite:
#<IfModule mod_rewrite.c>
RewriteCond %{REMOTE_ADDR} ^123\.123\.123\.123$
RewriteRule .* https://www.google.com [R=301,L]
#</IfModule>
See also: https://htaccessbook.com/block-ip-address/
Alternatively, try this to block a range if IPS (here 10.0.8.0-10.0.8.21:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^10\.0\.8\.(2[01]|[0-9][0-9]|[0-9])
#or RewriteCond %{HTTP_HOST} 12\.34\.56\.789
RewriteRule .* https://www.google.com [L,R=301]
If you are on Apache 2.4 this link from the htaccess book shows the differences between 2.2 and 2.4: https://htaccessbook.com/access-control-apache-2-4/
We've moved a site to another domain and setup the htacess as bellow, but how can i set a rule "if page dosnt exist - (ie 404 error) redirect to new site homepage." To be used as a fall back, if someone follows a broke url to our old site.
<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www\.oldsite\.co\.uk)(:80)? [NC]
RewriteRule ^(.*) http://oldsite.co.uk/$1 [R=301,L]
Redirect permanent http://oldsite.co.uk http://newsite.co.uk
Redirect permanent http://oldsite.co.uk/index.html http://newsite.co.uk
Redirect permanent http://oldsite.co.uk/contact-us.html http://newsite.co.uk/contact-us.html
Redirect permanent http://oldsite.co.uk/bespoke-furniture.html http://http://newsite.co.uk/bespoke-furniture.html
Redirect permanent http://oldsite.co.uk/about-us.html http://newsite.co.uk/about-us.html
Redirect permanent http://oldsite.co.uk/how.html http://newsite.co.uk/about-us.html
order deny,allow
You could simply use this.
ErrorDocument 404 http://newsite.co.uk
I have a folder on my site (domain.com/protect) I want to limit to only one referrer (otherdomain.com/subfolder).
Deny for all others, allow only if coming from that URL.
If not coming from that URL, then redirect the visitor over to otherdomain.com/login instead.
How would I write that out in .htaccess rewrite rules?
In the htaccess file in your /protect directory, add these rules:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !otherdomain\.com/subfolder
RewriteRule ^ - [L,F]
The condition checks that the referer doesn't contain: otherdomain.com/subfolder, and if it doesn't, then whatever the request is (inside the /protect directory) will result in a 403 Forbidden.
Alternatively, you can put these rules in the htaccess file in your document root if you would rather keep everything in once place:
RewriteEngine On
RewriteCond %{HTTP_REFERER} !otherdomain\.com/subfolder
RewriteRule ^/?protect/? - [L,F]
Trying to block directory access from everyone except 1 IP address. This .htaccess code blocks access but it blocks access to everything including images, css, etc. What do I need to change?
RewriteCond %{REMOTE_ADDR} !^XX\.XXX\.XX\.XXX$
RewriteRule ^hidedirectory(.*)$ http://site.com/ [R,L]
Anyone accessing mysite.com/hidedirectory except me should redirect to mysite.com. Is there a better, more secure way to do this including something like an http response code?
Better way is to do this in your .conf file:
<Directory /hidedirectory>
options -Indexes
Order Deny,Allow
Deny from all
Allow from XX.XXX.XX.XXX
</Directory>
This will deny everythig like your rewrite rules.
But since you want to allow access to images/css etc...
RewriteCond %{REMOTE_ADDR} !^XX\.XXX\.XX\.XXX$
RewriteCond %{REQUEST_URI} !\.(?:jpe?g|png|gif|css)$ [NC]
RewriteRule ^hidedirectory(.*)$ http://site.com/ [R,L]
Add any other extensions into (?:jpe?g|png|gif|css) suffixed by a |(or).
I'm having a small problem with my htaccess files. Currently, it redirects everything back to index.php for processing, except when someone tries to access an actual directory. When the directory exists, it displays the 403 error page instead of rewriting the path to index.php like it's supposed too. What can I modify to make it always go to index.php when the files are accessed via the internet, but still load the correct files in PHP on the server?
Options -Indexes +FollowSymLinks
RewriteEngine On
RewriteBase /
ErrorDocument 403 /index.php?403
ErrorDocument 404 /index.php?404
ErrorDocument 414 /index.php?414
RewriteCond %{HTTP_HOST} !^$ [NC]
RewriteRule !^(.*) index.php [L]
Sample file structure:
Web Directory
- com
- source
- index.php
- TEST.HTML
The folders such as 'com' and source' will display the 403 because the user doesn't have access to them. The files such as 'index.php' and 'TEST.HTML' execute normally. I want my htaccess to redirect everything in the Web Directory folder back to the index.php file, no matter what.
I think you want this instead:
Options -Indexes +FollowSymLinks
RewriteEngine On
RewriteBase /
ErrorDocument 403 /index.php?403
ErrorDocument 404 /index.php?404
ErrorDocument 414 /index.php?414
RewriteCond %{REQUEST_URI} !^/index.php
RewriteRule .* index.php [L]
This was on the assumption that you didn't want to be able to access TEST.HTML directly and didn't want to change the URL in the user's browser. If either of those assumptions were wrong, let me know and I'll update the answer with the appropriate rewrite information.