
Restrict access to IP address range

@BetL925

Posted in: #Htaccess #Intranet #IpAddress #Localhost

I’m trying to restrict access to a web resource to the intranet of a company via .htaccess. Unfortunately, the approach via Allow from … isn’t working for me and I don’t understand subnets well enough to troubleshoot the issue.

My IP address is (replaced the first two blocks for privacy) 1.2.70.59, the netmask is given by ifconfig as 0xffff0000, i.e. 255.255.0.0. I’ve used an IP address calculator to get the subnet from this.

An answer on Stack Overflow led me to believe that the following should work:

Order deny,allow
Deny from all
Allow from 1.2.0.0/255.255.0.0


Or, using CIDR (only showing the last line):

Allow from 1.2.0.0/16


Neither works. Nor does the following work, as implied by an answer on this very site:

Allow from 1.2


In fact, not even the following works:

Allow from 127.0.0.1


But this does work:

Allow from localhost


Although I thought these two to be equivalent. Clearly, I have a gap in my understanding.

For completeness, this is the output of ifconfig | grep inet[^6]:

inet 127.0.0.1 netmask 0xff000000
inet 1.2.70.59 netmask 0xffff0000 broadcast 1.2.255.255


What am I doing wrong?


3 Comments


@Megan663

The solution was that I accessed the website via localhost/path/to/site rather than 1.2.70.59/path/to/site. Once I changed that, it worked.


@Shanna517

First off, are you adding these directives in an .htaccess file or a config file? If the latter, then you need to restart Apache.

Secondly, do you have mod_authz_host enabled? In your httpd.conf, there should be a line like:

LoadModule authz_host_module modules/mod_authz_host.so


Lastly, are you sure it's not working? I.e. are you testing the right path/server? Are you sure a rewrite rule or custom error page isn't making it look like you've gained access to the page even though you're being shown a different page? Also, what's not working? Is it giving access to external IPs or denying access to internal IPs?

Clear your access log (delete the file), restart the server, and test the URL once more; then look at the access log and see what IP address was recorded and what response code was given.

There are other ways of doing it (e.g. via mod_rewrite or SetEnvIf/Allow from env=), but what you're doing should work.

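The access-log check suggested in the answer above, as an added example that is not part of the original thread: it classifies each logged client address against the 1.2.0.0/255.255.0.0 range from the question and flags responses that contradict a Deny from all / Allow from 1.2.0.0/16 policy. The log lines are constructed, Common Log Format is assumed, and the names `classify` and `audit` are illustrative.

```python
import ipaddress
import re

# Intranet range from the question; netmask and CIDR notation name the same network.
INTRANET = ipaddress.ip_network("1.2.0.0/255.255.0.0")
CIDR_FORM = ipaddress.ip_network("1.2.0.0/16")

# Constructed access-log lines (Common Log Format assumed); not from the thread.
SAMPLE_LOG = """\
1.2.70.59 - - [01/Jan/2024:10:00:00 +0000] "GET /path/to/site HTTP/1.1" 200 512
127.0.0.1 - - [01/Jan/2024:10:00:05 +0000] "GET /path/to/site HTTP/1.1" 403 209
::1 - - [01/Jan/2024:10:00:09 +0000] "GET /path/to/site HTTP/1.1" 403 209
203.0.113.9 - - [01/Jan/2024:10:00:12 +0000] "GET /path/to/site HTTP/1.1" 403 209
198.51.100.7 - - [01/Jan/2024:10:00:20 +0000] "GET /path/to/site HTTP/1.1" 200 512
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "[^"]*" (\d{3}) ')


def classify(client):
    """Return 'loopback', 'intranet' or 'external' for a logged client address."""
    ip = ipaddress.ip_address(client)
    if ip.is_loopback:  # what the server sees when the site is opened via localhost
        return "loopback"
    return "intranet" if ip in INTRANET else "external"


def audit(log_text):
    """Return (client, kind, status, verdict) for each parsable log line."""
    rows = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the assumed format
        client, status = m.group(1), int(m.group(2))
        kind = classify(client)
        should_pass = kind == "intranet"  # Deny from all + Allow from 1.2.0.0/16
        did_pass = status != 403
        if should_pass == did_pass:
            verdict = "ok"
        else:
            verdict = "wrongly allowed" if did_pass else "wrongly denied"
        rows.append((client, kind, status, verdict))
    return rows


if __name__ == "__main__":
    for row in audit(SAMPLE_LOG):
        print(*row, sep="\t")
```

A loopback row with a 403 is consistent with the rule: the request never arrived from an address inside 1.2.0.0/16.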


 

@Ravi8258870

Try this for the .htaccess file:

order allow,deny
#partial ip addresses blocking
deny from 192.168
deny from 219
#full ip addresses blocking
deny from 64.120.232.114
deny from 64.120.141.34
allow from all
