Allow / Deny IP access using Apache HTTP Server
In order to limit access to your application deployed on an Apache HTTP Server, you just have to edit one file : httpd.conf.
For example please take a look at the following settings :
<Directory "/var/www/yourapp"> Options Indexes FollowSymLinks MultiViews Includes allowOverride All Order allow, deny allow from 127 allow from 192.168.1.0/24 </Directory>
This will allow access to “yourapp” only from localhost or from the network indicated (192.168.1.0). Please note that you don’t have to write the entire IP, Apache can figure out what’s missing. The most important rule is that what you don’t specify, Apache won’t allow. If you want to give access to some IP, you have to specify it, default is deny.
Take a look at the other example:
<Directory "/var/www/yourapp"> Options Indexes FollowSymLinks MultiViews Includes allowOverride All Order deny, allow allow from all deny from 123.456.(10[0-9]¦11[0-9]¦12[0-7]). </Directory>
Note that you can use regex to define the IP rule you want to implement.
Be careful about your allow / deny rules. The order in which you define them is very important. Apache will arrange the rules based on what you have in the “Order” clause and then treat them line by line, overriding previous rules if that’s the case!
For instance this
allow 123.
Deny 134.
allow 234.
allow all
Deny 145
if the order is Deny, allow, it will be processed as:
Deny 134.
Deny 145.
allow 123.
allow 234.
allow all
With allow, Deny, it will be processed as:
allow 123.
allow 234.
allow all
Deny 134.
Deny 145.
Also, if Apache encounters overlapping rules for the same IPs, the last rule will be implemented. For instance, in the case of an Order allow, Deny, the “allow all” rule will override the deny rules.
