Block certain IPs using .htaccess behind Cloudflare - .htaccess

I use Cloudflare for my site, so the usual .htaccess rules won't work. I need to block certain IPs from accessing my website.
I found this one, but it won't work:
SetEnvIf X-FORWARDED-FOR 1.1.1.1 deny
order allow,deny
allow from all
deny from env=deny
I also tried this, with the same result:
RewriteEngine On
SetEnvIf X-FORWARDED-FOR 109.100.238.188 deniedip
order allow,deny
deny from env=deniedip

"I use Cloudflare for my site so usual .htaccess rule won't work."
These rules should still work fine as long as you have something set to restore visitor IP back to your logs/server (CloudFlare IPs will show without a mod, which could throw things off a little bit).

Related

.htaccess: SetEnvIf Host doesn't work for subdomain

I have to set different Env for different subdomains. For example, domain/subdomain1 MAGE_RUN_CODE=mobile_en, but domain/subdomain2 MAGE_RUN_CODE=global
This code works:
SetEnvIf Host .*mydomain.net.* MAGE_RUN_CODE=mobile_en
But this code doesn't work:
SetEnvIf Host .*mydomain.net/ahava-m1-mobile.* MAGE_RUN_CODE=mobile_en
How should I change the second code to make it work?

As explained in the comments above, the Host keyword is used for HTTP Host headers, i.e. example.com. Since your URL contains a path segment /ahava-m1-mobile, you need to match against the Request_URI variable.
SetEnvIf Request_URI ^/ahava-m1-mobile MAGE_RUN_CODE=mobile_en

How to get htaccess to deny access to a single I.P. on openshift?

I want .htaccess to selectively ignore some I.P. addresses.
I'm pushing the .htaccess file to http://modeldoc-treaties.rhcloud.com/wiki/extensions/log/ip.txt
I know that the .htaccess is being read because when it includes
deny from all
then I get the message "Forbidden".
But when I change the .htaccess file to say
deny from <my current I.P from whatsmyip>
then I'm not denied access.
Edit: after shooper's suggestion I tried (to allow just me)
Order Deny,Allow
deny from all
allow from <my.ip>
which blocks me, and also (to deny just me)
Order Allow,Deny
allow from all
deny from <my.ip>
which allows me. So I guess the problem is I don't know what my i.p. actually is once it gets forwarded on openshift.

OpenShift has a reverse proxy in front of your application, so the IP that shows up to your .htaccess file is not the user's real IP; it is stored in the X-Forwarded-For header.

I think you probably need the "Order" directive as seen at http://httpd.apache.org/docs/2.2/howto/access.html.
Order deny,allow
Deny from <your current I.P. address>
Allow from all
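
Added example (not part of the original posts, and not Apache, Cloudflare or OpenShift code): a Python model of the two threads above about blocking by X-Forwarded-For behind a reverse proxy. It contrasts the unanchored pattern from the first question's SetEnvIf rule with an exact check on the hop vouched for by a known proxy; the proxy range 192.0.2.0/24, the sample header values and the function names are assumptions made for illustration.

```python
import ipaddress
import re

# The pattern exactly as written in the question's SetEnvIf rule: SetEnvIf
# does an unanchored regex search, and every "." matches any character.
PAGE_PATTERN = re.compile(r"1.1.1.1")

# Assumptions for this example: our reverse proxy connects from 192.0.2.0/24
# (a documentation range) and 1.1.1.1 is the address to block.
TRUSTED_PROXIES = [ipaddress.ip_network("192.0.2.0/24")]
BLOCKED = {ipaddress.ip_address("1.1.1.1")}


def regex_rule_denies(xff_header):
    """Model of `SetEnvIf X-FORWARDED-FOR 1.1.1.1 deny`."""
    return PAGE_PATTERN.search(xff_header) is not None


def client_ip(xff_header, peer_addr):
    """Return the first hop, reading right to left, that is not our proxy.

    peer_addr is the TCP peer the web server sees. The header is only
    believed as far as trusted proxies vouch for it. Returns None if an
    entry is not a valid IP address.
    """
    hops = [h.strip() for h in xff_header.split(",") if h.strip()]
    hops.append(peer_addr)
    addr = None
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            return None
        if not any(addr in net for net in TRUSTED_PROXIES):
            return addr
    return addr  # every hop was one of our own proxies


def exact_rule_denies(xff_header, peer_addr):
    """Deny on an exact address match; fail closed on a malformed header."""
    addr = client_ip(xff_header, peer_addr)
    return addr is None or addr in BLOCKED
```

With these constructed inputs, the unanchored pattern also flags a header value of 111.111.2.3, while the exact check flags only 1.1.1.1 and does not consult the header at all when the connection does not come from the known proxy range.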

htaccess, redirect on deny

I'd like to make a redirect after a deny, because now it shows the Apache start page.
My htaccess-code:
ErrorDocument 403 /forbidden.php
Deny from .ru
Deny from .cn
Unfortunately it doesn't work. Why?
thanks
thomas

This only works if Apache can get the DN of the client by double reverse lookup. If the reverse lookup has no result, your rule will not work and the client gets access. You see that this is not very reliable, and you should switch to GeoIP.
If the deny rule is working and the desired page does not show, remember that the location is relative to the document root. So if your forbidden.php is in the subfolder /test, you will need to set the rule like this:
ErrorDocument 403 /test/forbidden.php
Deny from .ru
Deny from .cn
Even if .htaccess and forbidden.php are in /test subfolder.

Can't seem to get .htaccess to only allow my IP

I have my .htaccess setup as
order deny, allow
deny from all
allow from 123.my.ip
My IP is what ipchicken is giving me, yet I am getting an internal server error from any address. I have also tried multiple IP locations.
The following, copied from Apache's site, with this format just gives me forbidden even from my address...
Order Deny,Allow
Deny from all
Allow from my.ip.address
I have followed this question with no success...
.htaccess block all but my ip
I have also tried below from the following link with the same results...
http://kb.siteground.com/how_to_redirect_all_visitors_except_your_ip_to_another_site/
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} !^1.2.3.4
RewriteRule .* http://www.anothersite.com [R=302,L]
Just in case it's relevant, I'm running Magento on an AWS server. Running out of ideas to try...

If you tried:
order deny,allow
deny from all
# example IP
allow from 111.111.111.111
it's very straightforward that it should be working.
What you need to do is enable rewrite.log in your Apache virtual host config to determine what's going on in there with mod_rewrite.
Make sure that you have given your Apache virtual host auth to read from the .htaccess file (Override to All).
You shouldn't use mod_rewrite rules to disallow any IP but yours; keep that for specific page rewriting. The above code should be fine.
Make sure that your IP address is your Internet IP address and not an internal IP address. Go on Google and type in "what is my ip"; it should give you the correct one.
If none works, there's definitely something funky going on with your .htaccess file. Try to paste your entire .htaccess file somewhere where we can all view it. There may be errors in your .htaccess file. Make sure Magento's admin isn't overwriting your .htaccess file.
With .htaccess, it's a big factor where you place the rules. Sometimes having too many things in there can confuse the web server if it's not in order.

Protect restrict Solr Admin url from external user using .htaccess or tomcat

I have recently installed Solr on a server and I want to restrict it with .htaccess so that only local users can access it.
site.com:8983/solr/admin [ restrict all user]
And below is the .htaccess code
RewirteRule on
<FilesMatch "127.0.0.1:8983/solr/admin">
Order Deny, Allow
Deny form all
Allow 127.0.0.1
</FilesMatch>
Or is there any method by which we can protect / restrict Solr Admin on site.com:8983/solr/admin from access by other users?
Only local IP users can use it.
And I tried this one, but it's not working.

Your <FilesMatch "127.0.0.1:8983/solr/admin"> line will never match anything because you've stuck the hostname and port in the regular expression. Try using the Location container instead:
<Location "/solr/admin">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Location>
Or better yet, Directory:
<Directory "/path/to/your/document/root/solr/admin">
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
</Directory>
You'll need to fill in the full path to the solr/admin directory.
Get rid of the RewirteRule on line, it doesn't do anything and it's not even spelled right and will cause a 500 error.
However, neither of these directives can be used in an htaccess file. You need to use these in either the server or vhost config. If you must use an htaccess file, then create an htaccess file in your solr/admin directory and simply put these directives in it:
Order Deny,Allow
Deny from all
Allow from 127.0.0.1
Or, in the htaccess file in your document root:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^127\.0\.0\.1$
RewriteRule ^/?solr/admin - [L,F]

Check the following links. Hope they will help you.
Restrict Solr Admin Access
Solr Security
Securing Solr administrative console
How to protect Apache Solr admin console
