Allow GET requests only from specific domains by using htaccess - .htaccess

How can I allow GET requests only from specific domains by using htaccess in a more reliable way than using Referer (which can be manipulated)?
Current, imperfect, solution:
SetEnvIfNoCase Referer domain\.com ALLOWED_DOMAIN
Order Deny,Allow
Deny from All
Allow from env=ALLOWED_DOMAIN
The solution can also be based on the IP of a domain (not the user's machine).

Use the LIMIT directive in your htaccess instead this way.
<Limit GET POST>
order deny,allow
deny from all
allow from domain.com anotherone.com onemore.com
</Limit>
Let me know if this answer works for you.

Related

Is this .htaccess config safe?

I was having trouble with some open source software which I couldn't figure out. Eventually I found somebody with different problems but the same error codes who solved it by adding the following lines to .htaccess:
<Limit GET POST>
order deny,allow
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
allow from all
</Limit>
But I am not sure what this means and if it is safe in terms of security?
The additional <Limit> container allows PUT and DELETE type requests, which have probably been disabled on the server. It is best practise to restrict access methods that are not required.
However, your software probably implements a REST API, in which case the PUT and DELETE request methods are probably required (hence your earlier error messages).
Incidentally, those two blocks can be combined:
<Limit GET POST PUT DELETE>
order deny,allow
allow from all
</Limit>
.htaccess files are per-directory Apache config files. If you have access to the main server config then they are not required and best disabled (performance and security). However if you are on a shared server you probably have no choice.

.htaccess Restrict/Allow by IP address to specific page

What I'm looking for is something along the lines below, but instead of restricting access to the whole domain I want to restrict only a specific page and allow certain IPs to access it. Is this possible? Everywhere I searched is only for restricting the whole site. Thank you.
ErrorDocument 403 http://www.domainname.com
Order deny,allow
Deny from all
Allow from 124.34.48.165
Allow from 102.54.68.123
You can use a code like this
<Location /example-map>
Order deny,allow
deny from all
allow from 123.12.12.12
allow from 123.123.43.43
</Location>
Here 123... stands for the allowed IPs and /example-map is the location.
by RedDev

htaccess allow country domain

I would like to block all countries except mine which is Brunei. The domain is .bn
<Limit GET POST PUT>
order deny,allow
deny from all
allow from .bn
allow from *.bn
allow from *.*.bn
allow from *.*.*.bn
</Limit>
My Name Address: smp-85-139.simpur.net.bn so I believe the code below works:
allow from *.*.*.bn
But I still got forbidden access. Anything missing here?
I tried with IP but still blocked..
<Limit GET POST PUT>
order deny,allow
deny from all
allow from 202.152.*.*
</Limit>
My IP is 202.152.85.139
UPDATE:
It appears my web host is using nginx so this setting won't work at all if I'm right.
Here is an .htaccess allow list for Brunei Darussalam, courtesy of Country IP Blocks. The data is correct and current as of 4/20/13.
If your hosting company allows you to use .htaccess you can copy and paste the below data into an .htaccess file and load it into your root:
<Limit GET POST>
order deny,allow
allow from 61.6.192.0/18
allow from 103.4.188.0/22
allow from 103.12.208.0/23
allow from 103.16.120.0/22
allow from 103.17.24.0/22
allow from 103.18.172.0/22
allow from 103.20.24.0/22
allow from 118.103.248.0/21
allow from 119.160.128.0/18
allow from 156.31.0.0/16
allow from 158.161.0.0/16
allow from 192.94.122.0/24
allow from 202.12.26.0/24
allow from 202.59.230.0/24
allow from 202.90.36.0/24
allow from 202.93.208.0/20
allow from 202.152.64.0/19
allow from 202.160.0.0/19
allow from 202.160.32.0/20
deny from all
</Limit>

How could I redirect or deny users from a particular country with my htaccess file?

I looked at countryipblocks.net, and need to clarify...
If I want to block users from, say, Andorra from visiting my site, what exactly needs to be added to my (already existing) .htaccess file?
Do I need to simply add this block of text to my .htaccess?
<Limit GET HEAD POST>
order allow,deny
deny from 85.94.160.0/19
deny from 91.187.64.0/19
deny from 194.117.123.178/32
deny from 194.158.64.0/19
deny from 195.112.181.196/32
deny from 195.112.181.247/32
allow from all
</LIMIT>
On the other hand, if I want to redirect users from, say, Croatia, from http://mywebsite.com to http://google.com or a landing page, what exactly needs to be added to my .htaccess file?
Finally - how would "deny" appear to the user being denied access?
Thanks.
Visitors who are within an IP range that is banned by deny will be served with a 403 error. If you want them to see a nice page, instead of the standard Apache error, then you will need something like
ErrorDocument 403 /errors/403.html
in your .htaccess file. It is fairly easy to check rules based on IP addresses are working in your .htaccess by setting the blocked IP to be 127.0.0.1 (i.e. localhost); when you then look at the page in question on localhost, you should see the result of the page being blocked.
In answer to your question about redirecting users, blocking all users from any 1 country seems a little bit overkill; however, try reading up on the RewriteCond directive.

How to allow access only within country

I found this web site to generate a .htaccess to block an access from certain country.
The problem with this is that I want to allow access only within Norway. If I use this service, the list will be very long since I have to list all the country IP addresses.
Is there any way to allow access within country, my case is Norway?
Change all occurrences of 'deny' to allow, and all occurrences of 'allow' to deny. Then move the 'deny from all' condition at the end to the beginning of the list.
eg.
<Limit GET HEAD POST>
order allow,deny
deny from 41.205.32.0/19
deny from ....
allow from all
</LIMIT>
becomes
<Limit GET HEAD POST>
order deny,allow
deny from all
allow from 41.205.32.0/19
allow from ....
</LIMIT>
There are some good tutorials about .htaccess.
There are many geoip database vendors that offer solutions for the problem, with detailed instructions on the subject. Check out http://www.maxmind.com/app/mod_geoip for an Apache module that comes with their database, which would probably be a perfect fit for your problem.
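
Added example (not part of any post above): a small Python model of how Apache's Order/Allow/Deny evaluation resolves for an IPv4 client, run over the blocklist/allowlist pair from the answer above and the two Brunei rules from the earlier question. Function names and client addresses are constructed for illustration; hostname matching is not modelled, and any value other than `all`, a full or partial address, or a CIDR/netmask range is treated as matching no IP.

```python
import ipaddress

def spec_matches(spec, client_ip):
    """True if an Allow/Deny 'from' value covers client_ip (IPv4 forms only)."""
    if spec.lower() == "all":
        return True
    ip = ipaddress.ip_address(client_ip)
    try:
        if "/" in spec:                          # CIDR or network/netmask
            return ip in ipaddress.ip_network(spec, strict=False)
        octets = spec.rstrip(".").split(".")
        if len(octets) == 4:                     # full address
            return ip == ipaddress.ip_address(spec)
        if all(o.isdigit() for o in octets):     # partial address, e.g. "202.152"
            return client_ip.split(".")[:len(octets)] == octets
    except ValueError:
        pass
    return False   # hostnames and wildcard strings are not modelled here

def block_permits(order, rules, client_ip, method="GET", limit=None):
    """Model one Order/Allow/Deny block; rules = [("allow"|"deny", spec), ...]."""
    if limit is not None:
        covered = set(limit) | ({"HEAD"} if "GET" in limit else set())
        if method not in covered:
            return True        # <Limit> leaves unlisted methods unrestricted
    hit = {"allow": False, "deny": False}
    for kind, spec in rules:
        if spec_matches(spec, client_ip):
            hit[kind] = True
    if order == "deny,allow":  # default allow; a matching Allow overrides Deny
        return hit["allow"] or not hit["deny"]
    return hit["allow"] and not hit["deny"]   # "allow,deny": default deny

# Rule sets taken from the posts above; client addresses are constructed samples.
BLOCKLIST = ("allow,deny", [("deny", "41.205.32.0/19"), ("allow", "all")])
ALLOWLIST = ("deny,allow", [("deny", "all"), ("allow", "41.205.32.0/19")])
WILDCARD  = ("deny,allow", [("deny", "all"), ("allow", "202.152.*.*")])
CIDR      = ("deny,allow", [("deny", "all"), ("allow", "202.152.64.0/19")])

if __name__ == "__main__":
    for name, (order, rules) in [("blocklist", BLOCKLIST), ("allowlist", ALLOWLIST)]:
        for ip in ("41.205.40.7", "198.51.100.9"):
            print(name, ip, block_permits(order, rules, ip))
    print("wildcard", block_permits(*WILDCARD, "202.152.85.139"))
    print("cidr    ", block_permits(*CIDR, "202.152.85.139"))
    print("DELETE  ", block_permits(*ALLOWLIST, "198.51.100.9", "DELETE", ["GET", "POST"]))
```

The last call shows why access rules wrapped in `<Limit GET POST>` do not restrict other methods: a DELETE from a non-listed address is not covered by the block at all.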
