Deny access from IP range

Forum Moderators: phranque

Message Too Old, No Replies

Deny access from IP range

Just won't work on Windows

bustergut

12:04 pm on Feb 11, 2006 (gmt 0)

I have a small PHP/MySQL application running on a Windows XP machine using Apache 1.3. It works very well, but I need to deny access to a range of IP addresses. I have modified the HTACCESS file to read
<Files ~ "\.inc$">
Order allow,deny
Deny from all
</Files>

<Limit GET HEAD POST>
order allow,deny
deny from 192.168.1.101 (just an example)
allow from all

</LIMIT>

I only managed this with help from various sites on the internet, rather than my own knowledge.

The file is in the HTDOCS directory. When I try to access from a supposedly blocked pc it still works. It's as though the HTACCESS is being ignored.

I have tried using Windows folders permissions to deny access but no luck.

Is my HTACCESS correct?
Or should I use the HTTPD file to do this?

Please don't reply with too complicated an answer.

Matt Probert

2:32 pm on Feb 11, 2006 (gmt 0)

Please don't reply with too complicated an answer.

Ask your hosting provider for help. The keyword you are looking for is "firewall". It is with the firewall that you want to block IP addresses from accessing the server.

Matt

Key_Master

2:58 pm on Feb 11, 2006 (gmt 0)

<Limit GET HEAD POST>
order allow,deny
allow from all
deny from 192.168.1.101
</Limit>

See the mod_access tutorial at, [httpd.apache.org...]

jdMorgan

3:11 pm on Feb 11, 2006 (gmt 0)

It's true that unwelcome IPs should be blocked at the firewall if possible. Sometimes, though, it's not.

If you copied this mod_access [httpd.apache.org] code and have little understanding of it, then it would be best to start with a very simple test:


Order allow,deny
<Files *>
Allow from all
Deny from 192.168.1.101
</Files>

Put this code in a plain-text file named ".htaccess" in the same directory as your "home page". Note that on Windows, this file may have been renamed to "htaccess" (no leading dot) or something else using the AccessFileName [httpd.apache.org] directive. You need to find and use the correct filename for your server configuration.

After any change to any access-control code on your server, you must flush your browser cache before testing, in order to get valid test results.

Get simple code working first before adding more features and their attendant complications.

Jim

bustergut

4:51 pm on Feb 11, 2006 (gmt 0)

Thanks for all the tips. I'm absolutely now sure what I'm doing. Well er sort of. The interesting thing is that all the allows and denies etc only work in the HTTPD.CONF file. .HTACCESS is simply ignored. But I won't worry about that too much.

jdMorgan

5:00 pm on Feb 11, 2006 (gmt 0)

The .htaccess file has to be placed in your Web-accessible home directory, along with your home page and robots.txt file, or in a directory below that. In addition, you must configure AllowOverride in httpd.conf to allow .htaccess to modify the FileInfo, and either allow it to set Options in addition, or set up the Options required my mod_rewrite (such as FollowSymLinks) in httpd.conf.

Also, as I mentioned, the name of the htaccess file must match the filename configured in httpd.conf as well, if that configured name is different does not exactly match the default name ".htaccess".

Putting your code in httpd.conf is usually more efficient, however, except that the server must be restarted every time you change it.

Jim