Restrict access to dynamic IP / domain name?

Forum Moderators: phranque

Message Too Old, No Replies

Restrict access to dynamic IP / domain name?

luedvic

2:46 am on Feb 13, 2013 (gmt 0)

I am a noob when it comes to Apache and .htaccess. I know it's easy to setup whitelists/blacklists for specific IPs, but is it possible to have the server do a DNS lookup and only allow a dynamic IP coming from a specific domain such as "myotherplace.dyndns.org" for example?

phranque

9:08 am on Feb 13, 2013 (gmt 0)

I would recommend against that solution - if you added a DNS lookup for every request that would slow down your server.

luedvic

12:28 pm on Feb 13, 2013 (gmt 0)

I would recommend against that solution - if you added a DNS lookup for every request that would slow down your server.

I figured that this is not a wise practice, especially for large sites but I simply would like to know if it is possible. If it is possible, I'll consider configuring my server in that manner since I am the only person ever visiting it and all I use it for is a my own personal wiki and testing apache configuration settings.

lucy24

1:59 pm on Feb 13, 2013 (gmt 0)

In addition to slowing down the server, it makes a mess of your logs. They'll change from this

67.122.aaa.bbb - - [12/Feb/2013:19:14:33 -0800] "GET / HTTP/1.1" 403 799 "-" "<here I am>"

to this

adsl-67-122-aaa-bbb.dsl.pltn13.pacbell.net - - [12/Feb/2013:19:15:08 -0800] "GET / HTTP/1.1" 200 682 "-" "<here I am>"

(I've seen this before but had to double-check. In this particular case the IP address is still extractable, but in some log entries it wouldn't be visible at all. In others it may come out backward. Plays havoc with log processing, anyway.)

phranque

2:01 pm on Feb 13, 2013 (gmt 0)

by the way - welcome to WebmasterWorld, luedvic!

the mod_authz_host apache module is your answer but note that the specific solution depends on your version of apache so make sure you refer to the correct version of the apache docs.

phranque

2:10 pm on Feb 13, 2013 (gmt 0)

lucy24 is referring to setting HostnameLookups On in which case you can check the REMOTE_HOST environment variable in .htaccess to forbid access.

i'm not sure if the mod_authz_host option has any affect on your log files but i doubt it.

lucy24

2:51 pm on Feb 13, 2013 (gmt 0)

Actually, I'm referring to what happens if you simply put in a line like

Deny from somename.net

without changing anything else. The moment anything other than a CIDR range appears in your mod_authz list, everything in the server's innards toggles over to Lookup Mode-- which I assume has a technical term that I don't know-- and it stays that way until you hunt down and remove the offending line. Same thing happens if you throw a RegEx into the same list. I remember there was some discussion about this, probably in SSID, but it was a goodish while ago.

luedvic

2:56 am on Feb 14, 2013 (gmt 0)

Thank you, I'm glad I found Webmaster World, I have a feeling I will be posting & reading often. :)