I have a htaccess file with following code when trying to block an IP:
DirectoryIndex index.php index.html
ErrorDocument 404 /errors.php
Order Allow,Deny
Deny from 188.143.232.
Allow from all
Blocking my own IP works when browsing www.example.com, but it does not block for anything else (like www.example.com/index.php or www.example.com/home, ....). The htaccess is located in the same directory as index.php (httpdocs folder).
How can I get it to work?
You can also use a mod-rewrite based ip-blocking to block unwanted ip(s) :
RewriteEngine on
#--if client ip==188.143.232
RewriteCond %{REMOTE_ADDR} ^188\.143\.232
#--forbid the request
RewriteRule ^ - [F,L]
my page frequently gives errors like forbidden access or internal server error, i think the problem its because my .htaccess file configuration, here it is :
<Files ~ "^\.(htaccess|htpasswd)$">
deny from all
</Files>
Options Indexes
ErrorDocument 400 ../errors/400.html
ErrorDocument 401 ../errors/401.html
ErrorDocument 403 ../errors/403.html
ErrorDocument 404 ../errors/404.html
ErrorDocument 500 ../errors/500.html
RewriteEngine on
RewriteCond %{HTTP_HOST} ^(www\.bedif\.net)(:80)? [NC]
RewriteRule ^(.*) http://bedif.net/$1 [R=301,L]
DirectoryIndex index.html
order deny,allow
deny from ../tools/
deny from ../lightbox/
deny from ../errors/
deny from ../images/
2 things:
deny from ../tools/ makes no sense at all, and all your deny from lines are causing a 500 error. The mod_auth docs say the syntax for this is:
Deny from all|host|env=[!]env-variable
Which means it can either be a "all", a host/IP, or an environmet variable. ../tools/ is none of them. You can't put paths in a Deny.
The ErrorDocument directive takes either a full URL, or an absolute path to a file. Anything else, apache assumes you're giving it a specific error message. This means, if you go to a file that doesn't exist, you'll get a 404 and the page will literally say:
../errors/404.html
as the page's message, and not the contents of the html file. Change those to absolute paths.
I'm using a whitelist on IP's, and as such I'd like to inform the user why this is so.
order deny, allow
deny from all
allow from 24.11.95.152
My IP whitelist in HTACCESS ^
Now, I set the ErrorDocument to /403
ErrorDocument 403 /403
and finally I rewrite /403 to uhoh.php
RewriteEngine On
RewriteRule ^403/?$ uhoh.php [NC]
However, I still get the typical error from LiteSpeed.
You can use ErrorDocument directly with the file you wish to use for custom message.
In your case would look like this:
ErrorDocument 403 /uhoh.php
From your example, it looks like you're trying to double redirect the error page which is not really needed.
i need .htaccess code to redirect and ban ip's ,i mean if i try to load www.site.com with 123.456.789.101 ip address allow me, but if someone else try to load ,redirect them to other subdomain like sub.site.com , i write below code but dont work correctly.
<Limit GET POST PUT> Order Deny,Allow
Deny from all
Allow from 123.456.789.101
</Limit>
301 redirect / http://new.site.com
<Files otherpage.html>
Order Allow,Deny
Allow from all
</Files>
please help , Tank You
Replace your Limit block and 301 redirect with this:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} !^123\.456\.789\.101$
RewriteRule ^(.*)$ http://new.site.com/$1 [L,R=301]
So that it's above your Files block (though I'm not sure why you'd need that)
I'm trying to deny all and allow only for a single IP. But, I would like to have the following htaccess working for that single IP. I'm not finding a way to have both working: the deny all and allow only one, plus the following options:
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
#Removes access to the system folder by users.
#Additionally this will allow you to create a System.php controller,
#previously this would not have been possible.
#'system' can be replaced if you have renamed your system folder.
RewriteCond %{REQUEST_URI} ^system.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#When your application folder isn't in the system folder
#This snippet prevents user access to the application folder
#Submitted by: Fabdrol
#Rename 'application' to your applications folder name.
RewriteCond %{REQUEST_URI} ^application.*
RewriteRule ^(.*)$ /index.php?/$1 [L]
#Checks to see if the user is attempting to access a valid file,
#such as an image or css document, if this isn't true it sends the
#request to index.php
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>
<IfModule !mod_rewrite.c>
# If we don't have mod_rewrite installed, all 404's
# can be sent to index.php, and everything works as normal.
# Submitted by: ElliotHaughin
ErrorDocument 404 /index.php
</IfModule>
Is there a way to make this work?
order deny,allow
deny from all
allow from <your ip>
I know this question already has an accepted answer, but the Apache documentation says:
The Allow, Deny, and Order directives, provided by mod_access_compat,
are deprecated and will go away in a future version. You should avoid
using them, and avoid outdated tutorials recommending their use.
So, a more future-proof answer would be:
<RequireAll>
Require ip xx.xx.xx.xx yy.yy.yy.yy
</RequireAll>
Hopefully, I've helped prevent this page from becoming one of those "outdated tutorials". :)
This can be improved by using the directive designed for that task.
ErrorDocument 403 /specific_page.html
Order Allow,Deny
Allow from 111.222.333.444
Where 111.222.333.444 is your static IP address.
When using the "Order Allow,Deny" directive the requests must match either Allow or Deny, if neither is met, the request is denied.
http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order
Slightly modified version of the above, including a custom page to be displayed to those who get denied access:
ErrorDocument 403 /specific_page.html
order deny,allow
deny from all
allow from 111.222.333.444
...and that way those requests not coming from 111.222.333.444 will see specific_page.html
(posting this as comment looked terrible because new lines get lost)
Improving a bit more the previous answers, a maintenance page can be shown to your users while you perform changes to the site:
ErrorDocument 403 /maintenance.html
Order Allow,Deny
Allow from #.#.#.#
Where:
#.#.#.# is your IP: What Is My IP Address?
For maintenance.html there is a nice example here: Simple Maintenance Page
Add the following command in .htaccess file. And place that file in your htdocs folder.
Order Deny,Allow
Deny from all
Allow from <your ip>
Allow from <another ip>
Just in addition to #David Brown´s answer, if you want to block an IP, you must first allow all then block the IPs as such:
<RequireAll>
Require all granted
Require not ip 10.0.0.0/255.0.0.0
Require not ip 172.16.0.0/12
Require not ip 192.168
</RequireAll>
First line allows all
Second line blocks from 10.0.0.0 to 10.255.255.255
Third line blocks from 172.16.0.0 to 172.31.255.255
Fourth line blocks from 192.168.0.0 to 192.168.255.255
You may use any of the notations mentioned above to suit your CIDR needs.
I wasn't able to use the 403 method because I wanted the maintenance page and page images in a sub folder on my server, so used the following approach to redirect to a 'maintenance page' for everyone but a single IP*
RewriteEngine on
RewriteCond %{REMOTE_ADDR} !**.**.**.*
RewriteRule !^maintenance/ http://www.website.co.uk/maintenance/ [R=302,L]
Source: Creating a holding page to hide your WordPress blog
order deny,allow
deny from all
allow from set your IP
using htaccess to restrict access by ip
You can use the following in htaccess to allow and deny access to your site :
SetEnvIf remote_addr ^1\.2\3\.4\.5$ allowedip=1
Order deny,allow
deny from all
allow from env=allowedip
We first set an env variable allowedip if the client ip address matches the pattern, if the pattern matches then env variable allowedip is assigned the value 1 .
In the next step, we use Allow,deny directives to allow and deny access to the site. Order deny,allow represents the order of deny and allow . deny from all this line tells the server to deny everyone. the last line allow from env=allowedip allows access to a single ip address we set the env variable for.
Replace 1\.2\.3\.4\.5 with your allowed ip address.
Refrences :
https://httpd.apache.org/docs/2.4/mod/mod_setenvif.html
https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html
You can have more than one IP or even some other kind of allow like user, hostname, ... more info here https://www.askapache.com/htaccess/setenvif/
SetEnvIf remote_addr ^123.123.123.1$ allowedip=1
SetEnvIf remote_addr ^123.123.123.2$ allowedip=1
SetEnvIf remote_addr ^123.123.123.3$ allowedip=1
SetEnvIf remote_addr ^123.123.123.4$ allowedip=1
Order deny,allow
deny from all
allow from env=allowedip
ErrorDocument 403 /maintenance.html
Order Allow,Deny
Allow from #:#:#:#:#:#
For me, this seems to work (Using IPv6 rather than IPv4) I don't know if this is different for some websites but for mine this works.
If you want to use mod_rewrite for access control you can use condition like user agent, http referrer, remote addr etc.
Example
RewriteCond %{REMOTE_ADDR} !=*.*.*.* #you ip address
RewriteRule ^$ - [F]
Refrences:
https://httpd.apache.org/docs/2.4/rewrite/access.html