forgive the trivial question but I don't understand how to use ip addresses properly to deny access to my site. Let's say i have got the web site www.mywebsite.com. Suppose I have the following 3 ip addresses from my office machine:
ipv4: 192.1.2.3
default gateway: 192.1.2.345
and the global ip for my network: 456.34.56.78 (retrieved using www.globalip.com)
Now I would like to grant access to any user in my network hence i would have thought that the right number to use is the global ip 456.34.56.78 common to all machine in my office:
I am using the following code:
# redirect all visitors to alternate site but retain full access for you
ErrorDocument 403 http://www.bbc.com
Order deny,allow
Deny from all
Allow from 456.34.56.78
but it is not working. It is redirecting all machine in my network as well as external ones.
What I am doing wrong? Thank you for your help
Related
For security reasons I want to restrict in .htaccess all traffic that is not coming via Cloudflare. I have already script that blocks all non Cloudflare IPs but on some hostings it just doesn't work. I want to check if request header contains header CF-RAY, regardless of value, and if not, return 403 error.
Thank you for any suggestions!
Try with:
RewriteCond %{HTTP:CF-RAY} ^$
RewriteRule ^ - [F,L]
If it is for security reasons using a header is dangerous. It is effortless to send you this header from another source.
It is better to restrict by IP to requests from CloudFlare
https://www.cloudflare.com/ips/
If it is Apache you can add something like this in .htaccess
deny from all
allow from ... (one row for every range in above url)
Yeah this is super easy to do by placing this in the top of your .htaccess file
#apache_2.4_cloudflare_bypass_protection_htaccess
#Place in top of .htaccess in document root that needs protected
#
## References
#https://docs.sucuri.net/website-firewall/configuration/prevent-sucuri-firewall-bypass/
#https://docs.sucuri.net/website-firewall/troubleshooting/bypassing-firewall-for-testing/
#https://community.cloudflare.com/t/prevent-users-bypassing-cloudflare-to-access-my-site/4606
#https://blog.christophetd.fr/bypassing-cloudflare-using-internet-wide-scan-data/
#https://www.cloudflare.com/ips/
#https://support.cloudflare.com/hc/en-us/articles/204899617
# BEGIN Cloudflare Firewall Bypass Prevention
#Apache 2.4 Server
<FilesMatch ".*">
Require ip 173.245.48.0/20
Require ip 103.21.244.0/22
Require ip 103.22.200.0/22
Require ip 103.31.4.0/22
Require ip 141.101.64.0/18
Require ip 108.162.192.0/18
Require ip 190.93.240.0/20
Require ip 188.114.96.0/20
Require ip 197.234.240.0/22
Require ip 198.41.128.0/17
Require ip 162.158.0.0/15
Require ip 104.16.0.0/12
Require ip 172.64.0.0/13
Require ip 131.0.72.0/22
Require ip 2400:cb00::/32
Require ip 2606:4700::/32
Require ip 2803:f800::/32
Require ip 2405:b500::/32
Require ip 2405:8100::/32
Require ip 2a06:98c0::/29
Require ip 2c0f:f248::/32
# Allow from INSERT YOUR IP HERE
</FilesMatch>
# END Cloudflare Firewall Bypass Prevention
Full disclaimer: I have a git repo full of premade ones for Sucuri/Cloudflare for Openlitespeed/Litespeed/Apache.
https://gitlab.com/mikeramsey/apache-htaccess-rules/-/tree/master/
How I can access the temporary URL the host provided (such http://server9.company.com/~myname as my domain or any other domain without tralling slash before DNS update?
For example: Access http://server9.company.com/~myname as http://www.example.com
I do not have a dedicated IP
If you are running a Windows OS then you can update your hosts file to include the desired name and the IP address of your shared hosting box.
In Windows 7 the file is located at C:\Windows\System32\drivers\etc\hosts There should be a couple of examples in the file but you basically want to add;
<ip of hosting server> www.example.com
If you are using a different OS please let me know so I can update the answer.
I want to block traffic coming from IP-addresses far outside of my region in germany, so people from cities more than 300 km away cannot access it(barring they use a proxy).
How do I find the IP-Addresses to include/exclude?
You cannot restrict dynamically via htaccess.
(In your site homepage if your website is built in PHP)
You can use
$_SERVER['REMOTE_ADDR'] or $_SERVER['REMOTE_HOST'] variables.
to find out the IP of the client visiting your website and then if its beyond your particular radius, you redirect them.
To find out the distance between two IP address, please see Get the geographic distance between 2 IP addresses?
To allow only a particular IP, you can use htaccess as follows :
order allow,deny
allow from 255.0.0.0
deny from all
Hope this helps.
I have set up a restriction on my /user/phpmyadmin/apache.conf file so that only I can access the phpmyadmin page.
Order deny,allow
Deny from all
Allow from 92.8.xxx.xxx
I have a dynamic ip address and everytime my router gets reset I have to change the ip address in the apache.conf file.
Is there a way around this issue?
I haven't tried this myself but it should work:
Go to http://www.no-ip.com/ and register a free domain. Download one of their clients and run it on your pc. It will automatically update your external ip address to that free domain. You can then just put that domain address directly: eg
Allow from example.serve.com
NOTE: the client app does need to run on your pc 24/7 so it can keep updating.
I have a local Web site that I would like to tighten access to only those within the United States; or perhaps only within Florida. It's a Word Press site that has gotten hacked due to some weak code. I've seen two sources of IP address lists for .htaccess "allow deny" control by IP Address.
IP by Country/Continents:
http://www.countryipblocks.net/continents/
Wizcrafts List:
http://www.wizcrafts.net/htaccess-blocklists.html
What is the best approach for blocking everything except United States traffic? How would you approach the deny/allow? Would you deny other Countries or try to allow only the U.S.?
Thanks for any comments, Jeff
Add this list to the .htaccess located on the root folder of your server.
It will only allow connections from the US.
ex .htaccess file:
allow from IP
203.31.234.0/24
129.230.176.0/20
etc...
you can use deny from All in order to forbid access to your site!
In countryipblocks you can download all IPs from the area you want and add allow from IP to your .htaccess file! so only those IPs can access to your site!
Edit: Remember you can add IP range instead of one IP!
I downloaded .htacees from that site, and that was ok!