: Limit access to rewritten uri based on IP address I'd like to limit access to a Drupal 7 registration page (/user/register) from certain IP addresses. I've tried to set the apache directive,
I'd like to limit access to a Drupal 7 registration page (/user/register) from certain IP addresses.
I've tried to set the apache directive, but it's still letting me access it from an IP that isn't specified.
Here's a snippet of my virtualhost directive
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName ######
ServerAlias ######
ErrorLog logs/######-error_log
CustomLog logs/######-access_log combined
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) ######%{REQUEST_URI}?%{QUERY_STRING} [R=301,L]
<Location /user/register>
Order deny,allow
Deny from all
Allow from ***.***.***.***
</Location>
</VirtualHost>
More posts by @Deb1703797
2 Comments
Sorted by latest first Latest Oldest Best
There's a couple of things you can try that I'll show starting with the easiest:
<VirtualHost *:443>
DocumentRoot /var/www/html
ServerName ######
ServerAlias ######
ErrorLog logs/######-error_log
CustomLog logs/######-access_log combined
<Location /user/register>
Order deny,allow
Deny from all
Allow from ***.***.***.***
</Location>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot /var/www/html
ServerName ######
ServerAlias ######
ErrorLog logs/######-error_log
CustomLog logs/######-access_log combined
RewriteEngine On
RewriteCond %{HTTPS} off
RewriteRule (.*) ######%{REQUEST_URI}?%{QUERY_STRING} [R=301,L]
<Location /user/register>
Order deny,allow
Deny from all
Allow from ***.***.***.***
</Location>
</VirtualHost>
What I did was basically copy everything into a virtual host container for HTTPS so that your settings apply for both HTTP AND HTTPS.
Another option is to modify the contents of the script that serves the document you want to protect so that it blocks out accesses from unacceptable IP addresses.
If its in PHP, you can add the following line directly under <?php:
If ($_SERVER['REMOTE_ADDR'] != "xxx.xxx.xxx.xxx"){echo "Access denied";exit();}
Replace xxx.xxx.xxx.xxx with the IP address to accept. If you want two IP addresses instead, you can add this line:
If ($_SERVER['REMOTE_ADDR'] != "xxx.xxx.xxx.xxx" && $_SERVER['REMOTE_ADDR'] != "yyy.yyy.yyy.yyy"){echo "Access denied";exit();}
You are redirecting all requests to HTTPS (port 443 by default), but your <Location> directive is in the <VirtualHost *:80> container (port 80 - HTTP).
Aside... the <Location> directive is generally not recommended for restricting access since resources can often be accessed by multiple URLs, circumventing the restriction. (For instance, you'll also need to make sure the rewritten URL is also blocked.)
You also don't need ?%{QUERY_STRING} in the RewriteRule substitution. The query string is appended by default.
Terms of Use Create Support ticket Your support tickets Stock Market News! © vmapp.org2024 All Rights reserved.