I've the following code to block single ip address in htaccess and it works fine
SetEnvIF X-Forwarded-For 182.65.209.192 DenyIP
Order allow,deny
Deny from env=DenyIP
Allow from all
Now I want to block country ip addresses from visiting my site.
I tried this but not works
SetEnvIF X-Forwarded-For 37.230.192.0/19 DenyIP
and
SetEnvIF X-Forwarded-For 37.230.192.[0-19] DenyIP
instead of
SetEnvIF X-Forwarded-For 182.65.209.192 DenyIP
How to block the ip range or subnet ip (for ex: 37.230.192.0/19)?
SetEnvIF use regex:
http://httpd.apache.org/docs/current/en/mod/mod_setenvif.html#setenvif
You can use:
SetEnvIF X-Forwarded-For ^37\.230\.192\.[01][0-9]?$ DenyIP
You can't match against CIDR address ranges, you need to use a regular expression. You want something like this:
SetEnvIF X-Forwarded-For 37\.230\.(19[2-9]|2[01][0-9]|22[0-3])\.[0-9]+ DenyIP
SetEnvIf Remote_Addr 37\.230\.(19[2-9]|2[01][0-9]|22[0-3])\.[0-9]+ DenyIP
SetEnvIF X-Forwarded-For 37\.230\.2[23][0-9]\.[0-9]+ DenyIP
SetEnvIf Remote_Addr 37\.230\.2[23][0-9]\.[0-9]+ DenyIP
Related
I have the following .htaccess:
<Limit GET POST>
SetEnvIf Host www.livedomain.com allow
SetEnvIf Remote_Addr 1.1.1.1 allow
SetEnvIf Remote_Addr 2.2.2.2 allow
SetEnvIf Remote_Addr 3.3.3.3 allow
Order deny,allow
Deny from all
Allow from env=allow
</Limit>
This .htaccess is used on two domains. On www.livedomain.com I want everyone access. On www.stagingdomain.com I only want the IPs 1.1.1.1, 2.2.2.2, 3.3.3.3 to have access.
This works fine.
Now, on the live site, I want to make a change to allow everyone except one IP (let's say 9.9.9.9).
I've tried doing something like this:
<Limit GET POST>
SetEnvIf Host www.livedomain.com allow
SetEnvIf Remote_Addr 9.9.9.9 deny
SetEnvIf Remote_Addr 1.1.1.1 allow
SetEnvIf Remote_Addr 2.2.2.2 allow
SetEnvIf Remote_Addr 3.3.3.3 allow
Order deny,allow
Deny from all
Allow from env=allow
</Limit>
But this doesn't work. I would have thought the env variable was overwritten with 'deny' and then the final Allow statement wouldn't apply. Is this not the case?
What's the simplest way to allow everyone from the one domain except one IP in this case?
You should use !varname to unset or remove an already defined variable:
<Limit GET POST>
SetEnvIf Host www.livedomain.com allow
SetEnvIf Remote_Addr 9.9.9.9 !allow
SetEnvIf Remote_Addr 1.1.1.1 allow
SetEnvIf Remote_Addr 2.2.2.2 allow
SetEnvIf Remote_Addr 3.3.3.3 allow
Order deny,allow
Deny from all
Allow from env=allow
</Limit>
Read more about SetEnvIf here
My conf looks a bit different but works as expected:
SetEnvIf Host staging.mydomain.tld passreq
SetEnvIf Remote_Addr 1.1.1.1 !passreq
AuthType Basic
AuthName "Password Required"
AuthUserFile /home//html/.htpasswd
Require valid-user
Order allow,deny
Allow from all
Deny from env=passreq
Satisfy any
In my magento .htaccess file SetEnvIf Host is not working for subdomain, But it is working for domain
WORKING
SetEnvIf Host www\.domain\.com MAGE_RUN_CODE=domain_com
SetEnvIf Host www\.domain\.com MAGE_RUN_TYPE=website
SetEnvIf Host ^domain\.com MAGE_RUN_CODE=domain_com
SetEnvIf Host ^domain\.com MAGE_RUN_TYPE=website
NOT WORKING
SetEnvIf Host www\.sub\.domain\.com MAGE_RUN_CODE=domain_com
SetEnvIf Host www\.sub\.domain\.com MAGE_RUN_TYPE=website
SetEnvIf Host ^sub\.domain\.com MAGE_RUN_CODE=domain_com
SetEnvIf Host ^sub\.domain\.com MAGE_RUN_TYPE=website
Why is it so??? Is there any problem in my code? mod_env is enabled
My magento version is 1.9. Can any one please help me?
Below code is working for me:
SetEnvIf Host ^php\.stagebox\.in MAGE_RUN_CODE=base
SetEnvIf Host ^php\.stagebox\.in MAGE_RUN_TYPE=website
SetEnvIf Host ^phpnoida\.testfire\.in MAGE_RUN_CODE=basestd
SetEnvIf Host ^phpnoida\.testfire\.in MAGE_RUN_TYPE=website
If I want to set an environment variable before RewriteRules are evaluated, I have to use SetEnvIf instead of SetEnv. However, SetEnvIf requires one to have a condition. As it is, I have:
SetEnvIf Request_Method ^ ENV=VALUE
Is there a better way to do this?
You can use mod_rewrite's E flag:
RewriteRule ^ - [E=ENV:VALUE]
Which will guarantee that it gets set before (or after) rules get applied.
Using SetEnvIf you can do something like:
SetEnvIf ENV ^(.*)$ ENV=VALUE
I've had several users from Ontario, Canada contact me and saying they can't access my site. Using the GeoIP Module in my htaccess file I have allowed Canada. Any idea what might be causing this?
Here's my entry in the htaccess file
<IfModule mod_geoip.c>
GeoIPEnable On
# US - United States
# CA - Canada
SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE CA AllowCountry
Deny from all
Allow from env=AllowCountry
</IfModule>
The interesting thing is if I do the opposite, they have access like so:
<IfModule mod_geoip.c>
GeoIPEnable On
SetEnvIf GEOIP_COUNTRY_CODE NG BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE RO BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE VN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE GH BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE SN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE TN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE IN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE KE BlockCountry
Deny from env=BlockCountry
</IfModule>
Any idea what might be happening?
Don't trust geographical informations picked up by IP addresses. There are high possibilities that the information associated to the IP is not valid or get outdated quickly.
IP addresses can be dynamically routed, the client user could come via a proxy or tunnel, and so on.
We have several domain name aliases all pointing to the same server and directory (just aliases).
But I'd like to password-protect (htaccess) the site when people come from certain domain names.
Thanks
You can do this using SetEnvIf and <IfDefine>:
SetEnvIfNoCase Host ^www\.example\.com$ host_a
SetEnvIfNoCase Host ^www\.example\.org$ host_b
SetEnvIfNoCase Host ^www\.example\.net$ host_c
<IfDefine host_a>
…
</IfDefine>
<IfDefine host_b>
…
</IfDefine>
<IfDefine host_c>
…
</IfDefine>