I suspect this is a simple problem but I am at a loss to solve it.
I wish to deny access to a directory to all except a small list of IP's, hosts/ranges.
No specific IP's are used here, sorry for any inadvertent match.
The list of IP's to allow access to:
123.123.123.123
124.124.124.124
ahoston.mydomain.com
125.125.125.125/25
From my reading of the posts and Jim's helpful advice I thought the following code should do it:
order allow,deny
deny from all
allow from 123.123.123.123,124.124.124.124,ahoston.mydomain.com,125.125.125.125/25
But this causes a 500 server error with the log entry reading invalid IP or an error in the log stating client is denied (I am browsing from one of the IP's configured using no proxy). Very confusing.
I also tried:
order allow,deny
deny from all
allow from 123.123.123.123,124.124.124.124
allow from ahoston.mydomain.com
allow from 125.125.125.125/25
With the same results. Finally I tried:
order allow,deny
deny from all
allow from 123.123.123.123
allow from 124.124.124.124
allow from ahoston.mydomain.com
allow from 125.125.125.125/25
No joy there either.
Can anyone please help and let me know where I am going wrong?
Yours hopefully
Matt
Thanks for the welcome.
IP's have been changed obviously so take it as read I am browsing from 123.123.123.123.
*=removed portions of the logs/path to comply with the TOS.
--
This code in htaccess:
order deny,allow
deny from all
allow from 123.123.123.123 124.124.124.124
Produces:
[Mon Nov 29 16:04:39 2004] [alert] [client 123.123.123.123] /home/*/*/*/var/www/html/productfeeds/*/.htaccess: The specified IP address is invalid.
--
This code in htaccess:
order allow,deny
deny from all
allow from 123.123.123.123 124.124.124.124
Produces:
[Mon Nov 29 16:10:21 2004] [alert] [client 123.123.123.123] /home/*/*/*/var/www/html/productfeeds/*/.htaccess: The specified IP address is invalid.
--
This code in htaccess:
order allow,deny
deny from all
allow from 123.123.123.123
Produces:
[Mon Nov 29 16:13:41 2004] [error] [client 123.123.123.123] client denied by server configuration: /home/*/*/*/var/www/html/productfeeds/*/index.php
--
This code in htaccess:
order deny,allow
deny from all
allow from 123.123.123.123
Produces:
Nothing. This works fine. But I understand the deny/allow order to be the wrong way around?
--
This code in htaccess:
order deny,allow
deny from all
allow from 123.123.123.123,124.124.124.124
Produces:
[Mon Nov 29 16:27:05 2004] [error] [client 123.123.123.123] client denied by server configuration: /home/*/*/*/var/www/html/productfeeds/*/
--
This code in htaccess:
order allow,deny
deny from all
allow from 123.123.123.123,124.124.124.124
[Mon Nov 29 16:31:18 2004] [error] [client 123.123.123.123] client denied by server configuration: /home/*/*/*/var/www/html/productfeeds/*/
--
As you can see I am getting tied in knots.
Please feel free to post sample htaccess code for me to try and I will post the resultant logs back if it generates any.
Any help much appreciated.
Matt
This code in htaccess:
order deny,allow
deny from all
allow from 123.123.123.123
Produces:
Nothing. This works fine. But I understand the deny/allow order to be the wrong way around?
If you read the description of the Order [httpd.apache.org] directive carefully, paying particular attention to the strict 'logic' definition of the words 'and' and 'or', you'll see why the allow,deny order will not work.
Jim
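The evaluation rules Jim refers to, written out as an added example that is not part of the original thread. It models the Order/Allow/Deny semantics described in the Apache documentation for IP and CIDR arguments only; the function names and the third-party address 10.0.0.1 are assumptions of this sketch.

```python
import ipaddress

def matches(spec, client):
    """True if one Allow/Deny argument covers the client address."""
    if spec.lower() == "all":
        return True
    # strict=False tolerates host bits in a CIDR spec (a choice made for this sketch)
    return ipaddress.ip_address(client) in ipaddress.ip_network(spec, strict=False)

def access(order, allow, deny, client):
    """Return True if the request is let through under the given Order."""
    allowed = any(matches(s, client) for s in allow)
    denied = any(matches(s, client) for s in deny)
    order = order.replace(" ", "").lower()
    if order == "allow,deny":
        # Default is deny: the client must match an Allow AND match no Deny.
        return allowed and not denied
    if order == "deny,allow":
        # Default is allow: rejected only if a Deny matches and no Allow does.
        return allowed or not denied
    raise ValueError("unsupported order: " + order)

if __name__ == "__main__":
    allow = ["123.123.123.123", "125.125.125.125/25"]
    deny = ["all"]
    for order in ("allow,deny", "deny,allow"):
        for client in ("123.123.123.123", "10.0.0.1"):
            print(order, client, access(order, allow, deny, client))
```

With `deny from all` present, `order allow,deny` can never admit anyone, because every client matches the Deny.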
Word games in my mind somehow caused me to twist it around.
Ok then focusing on the correct code I get the following:
--
This htaccess code:
order deny,allow
deny from all
allow from 123.123.123.123,124.124.124.124
Produces:
[Mon Nov 29 21:28:02 2004] [error] [client 123.123.123.123] client denied by server configuration: /home/*/*/*/var/www/html/productfeeds/*/
--
This htaccess code:
order deny,allow
deny from all
allow from 123.123.123.123 124.124.124.124 ahoston.mydomain.com 125.125.125.125/25
Produces:
[Mon Nov 29 21:34:52 2004] [alert] [client 123.123.123.123] /home/*/*/*/var/www/html/productfeeds/*/.htaccess: The specified IP address is invalid.
--
This htaccess code:
order deny,allow
deny from all
allow from 123.123.123.123 124.124.124.124
Produces:
Nothing, works fine. (Thanks Jim for the space rather than commas tip.)
So adding one at a time:
--
This htaccess code:
order deny,allow
deny from all
allow from 123.123.123.123 124.124.124.124 ahoston.mydomain.com
Produces:
[Mon Nov 29 21:43:08 2004] [alert] [client 123.123.123.123] /home/*/*/*/var/www/html/productfeeds/*/.htaccess: The specified IP address is invalid.
Ahh ha so the domain host is the trouble bit. Swapping it out for the range instead.
--
This htaccess code:
order deny,allow
deny from all
allow from 123.123.123.123 124.124.124.124 125.125.125.125/25
Produces:
[Mon Nov 29 21:48:15 2004] [alert] [client 123.123.123.123] /home/*/*/*/var/www/html/productfeeds/*/.htaccess: The specified IP address is invalid.
Try to move the troublesome range to a new line.
--
This htaccess code:
order deny,allow
deny from all
allow from 123.123.123.123 124.124.124.124
allow from 125.125.125.125/25
Produces:
[Mon Nov 29 21:48:58 2004] [alert] [client 123.123.123.123] /home/*/*/*/var/www/html/productfeeds/*/.htaccess: The specified IP address is invalid.
Suddenly I doubt that moving the host to a new line would make any difference. Perhaps it is the fact that there are 3 vars in the list.
--
This htaccess code:
order deny,allow
deny from all
allow from 123.123.123.123 124.124.124.124 125.125.125.125
Produces:
[Mon Nov 29 22:00:58 2004] [alert] [client 123.123.123.123] /home/*/*/*/var/www/html/productfeeds/*/.htaccess: The specified IP address is invalid.
So perhaps it can only support two vars in the same line:
--
This htaccess code:
order deny,allow
deny from all
allow from 123.123.123.123 124.124.124.124
allow from 125.125.125.125 126.126.126.126
Produces:
[Mon Nov 29 22:03:54 2004] [alert] [client 123.123.123.123] /home/*/*/*/var/www/html/productfeeds/*/.htaccess: The specified IP address is invalid.
--
Perhaps I should ask an expert. Jim.... :) Any ideas or input that could help me out?
What is the correct syntax for using a host and a range? Why can't we list more than two IP's in the allow from line? Has this insidiously simple challenge beaten us?
If you'd like me to PM you the specific IP's let me know.
Yours hopefully
Matt
Keep your addresses, domains, and CIDR specifications on separate lines until you figure it out. Then work on optimizing the code by combining lines. Otherwise, you can't tell one problem from another.
Jim
The issue is now resolved.
Would you believe it was a font issue!
The pasting of a sent IP and the fonts used meant I couldn't tell l (L) from 1 (one). No wonder it was an invalid IP.
I learnt from the experience however and your feedback really helped me progress a few steps up the ladder of understanding.
Sorry to have troubled everyone. My system is now reconfigured.
Matt
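A pre-deployment check for the two mistakes this thread ran into, commas between arguments and a letter pasted where a digit belongs. This is an added example, not code from the thread and not Apache's own parser; the function names, the lookalike table and the sample lines are constructed for illustration.

```python
import ipaddress

# Characters commonly mistaken for digits in some fonts (assumed set)
LOOKALIKES = str.maketrans({"l": "1", "I": "1", "|": "1", "O": "0", "o": "0"})

def is_ip_spec(tok):
    """True if tok parses as a full IP address or CIDR block."""
    try:
        ipaddress.ip_network(tok, strict=False)
        return True
    except ValueError:
        return False

def lint_access_line(line):
    """Return (token, problem) pairs for one 'allow from' / 'deny from' line."""
    words = line.split()
    if (len(words) < 3 or words[0].lower() not in ("allow", "deny")
            or words[1].lower() != "from"):
        return [(line, "not an allow/deny from line")]
    problems = []
    for tok in words[2:]:
        if "," in tok:
            problems.append((tok, "comma found; separate arguments with spaces"))
        elif tok.lower() == "all" or is_ip_spec(tok):
            continue
        elif is_ip_spec(tok.translate(LOOKALIKES)):
            fixed = tok.translate(LOOKALIKES)
            problems.append((tok, "lookalike character; did you mean " + fixed))
        elif tok.count(".") == 3 and set(tok) <= set("0123456789./"):
            problems.append((tok, "octet or prefix length out of range"))
        # anything else is assumed to be a host name and left alone
    return problems

if __name__ == "__main__":
    # Constructed sample lines; the second address starts with a lowercase L
    for line in (
        "allow from 123.123.123.123 l24.124.124.124 ahoston.mydomain.com",
        "allow from 123.123.123.123,124.124.124.124",
        "allow from 125.125.125.125/25",
    ):
        print(line, "->", lint_access_line(line))
```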