using .htaccess to block range of IPs, but allow one single IP

         

gerg

5:36 pm on Mar 10, 2006 (gmt 0)

10+ Year Member



Hi, hope someone can help. Thanks in advance.

I would simply like to block access to a directory on my server from a range of IP addresses (my company, to avoid snoopy coworkers) but I'd still like to allow access from my IP address (which unfortunately falls within the range I want to block), because surfing my own site while on the clock is what it's all about.

Anyway, is this possible? I tried the obvious

order allow,deny
deny from CBA.FED.G.
allow from CBA.FED.G.me
allow from all

but no dice, I still get locked out. Am I asking the impossible?

Thanks.

ChadSEO

5:52 pm on Mar 10, 2006 (gmt 0)

10+ Year Member



Gerg,

Welcome to WebmasterWorld!

I'm no expert on Allow/Deny, but it doesn't sound like what you want to do is possible. However, you could do it with mod_rewrite:

RewriteCond %{REMOTE_ADDR} ^CBA\.FED\.G\.
RewriteCond %{REMOTE_ADDR} !^CBA\.FED\.G\.ME$
RewriteRule ^folder - [F]

This would block access to the directory /folder (with an HTTP response of "403 (FORBIDDEN)"). It would go in an .htaccess file in your root directory - to do the same thing in httpd.conf, change it to ^/folder.

Chad

gerg

6:15 pm on Mar 10, 2006 (gmt 0)

10+ Year Member



Chad, thanks a ton and thanks for the welcome.

I'm not much of an Apache expert, so I think I might've screwed up your suggestion. This is essentially what I created:

RewriteCond %{REMOTE_ADDR} ^CBA\.FED\.G\.
RewriteCond %{REMOTE_ADDR} !^CBA\.FED\.G\.ME$
RewriteRule ^folder - [my_folder_name]

It's either failing to block anything, or it's blocking me too. I didn't change REMOTE_ADDR at all, was I supposed to? (Like I said, I'm pretty dumb on this stuff.)

Any ideas what I could be doing wrong? Tips for some troubleshooting?

Thanks!

ChadSEO

6:21 pm on Mar 10, 2006 (gmt 0)

10+ Year Member



Gerg,

You're right, you don't replace REMOTE_ADDR, only the CBA\.FED\.G with the correct IP address. Make sure you do a backslash before the period though. I changed the letters to an IP address block below, so it makes a little more sense. Also, you should replace the string "folder" with the correct folder name, and leave the [F]. Or in the example below, replace "replace_me". :)

RewriteCond %{REMOTE_ADDR} ^192\.168\.1\.
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.100$
RewriteRule ^replace_me - [F]

Chad

gerg

6:39 pm on Mar 10, 2006 (gmt 0)

10+ Year Member



Hmm, I must be inept. It doesn't seem to be working. I don't want to waste too much of your or my time, but one more shot to see if you see anything amiss.

This is what I've put in an .htaccess file in my public_html folder (root level public web folder, home/public_html):

RewriteCond %{REMOTE_ADDR} ^192\.168\.1\.
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.100$
RewriteRule ^private - [F]

in the public_html folder is the folder "private" (home/public_html/private)

I want to block all visits from 192.168.1., except my own, which come from 192.168.1.100.

It seems to be failing to block as such. Any further thoughts?

Thanks so much.

ChadSEO

6:51 pm on Mar 10, 2006 (gmt 0)

10+ Year Member



Gerg,

Actually, it's my fault - you need "RewriteEngine On" at the beginning, otherwise it doesn't do anything. Other than that, it sounds like everything is right...

RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^192\.168\.1\.
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.100$
RewriteRule ^private - [F]

Chad

gerg

7:12 pm on Mar 10, 2006 (gmt 0)

10+ Year Member



Hmm... Well, that helps of course! But nonetheless, it's only kind of working.

If I remove the exception for my IP address (the terminal two digits of which are only one number off of another computer), I'm blocked and so is the other computer.

But, if I add the exception, both myself and the other machine can access it.

If I add the other machine's full IP address to a line to block it, i.e.,

RewriteCond %{REMOTE_ADDR} ^192\.168\.1\.101

It successfully blocks that computer.

There could be some weirdness going on with my network or my server, it's really hard to say.

Thanks.

ChadSEO

7:23 pm on Mar 10, 2006 (gmt 0)

10+ Year Member



Hmm, not sure what is going on there. Perhaps if I explain what each step does, you can spot where the problem is:

RewriteEngine On <--------- Turn on mod_rewrite
RewriteCond %{REMOTE_ADDR} ^192\.168\.1\. <------ if the ip address starts with 192.168.1.
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.100$ <----- and the ip address is not 192.168.1.100
RewriteRule ^private - [F] <------ then all requests to directory /private should be [F]orbidden

Hope that helps. If not, someone will probably come along this afternoon and show me where I'm wrong :)

Chad

gerg

7:29 pm on Mar 10, 2006 (gmt 0)

10+ Year Member



Chad, definitely helps to know what exactly I'm saying... I'll keep tinkering and see if anyone else chimes in. Thanks a bunch.

jdMorgan

9:17 pm on Mar 10, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



There's nothing wrong with this code. The behaviour described in message #5 above cannot be explained by the code itself. I would look for a bad or outdated installation of mod_rewrite, the OS regular-expressions library, or Apache itself.

RewriteEngine on
# Forbid IP range
RewriteCond %{REMOTE_ADDR} ^192\.168\.1\.
# except for my specific address
RewriteCond %{REMOTE_ADDR} !^192\.168\.1\.100$
RewriteRule ^private - [F]

Jim
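
Added example, not part of the thread and not Apache's own code: a small Python model of the rule set above, useful for checking which client addresses the two ANDed RewriteCond lines would forbid before deploying them. The function names and the sample addresses are constructed for illustration; it assumes the rule sits in the .htaccess of the directory containing "private" and that Python's regex engine agrees with Apache's on these simple patterns.

```python
import re

# The thread's final rule set. Each entry is (pattern, negated);
# consecutive RewriteCond lines are ANDed together.
CONDS = [
    (r"^192\.168\.1\.", False),      # address is inside the blocked range
    (r"^192\.168\.1\.100$", True),   # "!" prefix: address is NOT the exempt host
]
RULE = r"^private"  # matched against the path relative to the .htaccess directory


def conds_hold(remote_addr, conds=CONDS):
    """Return True when every RewriteCond holds for this REMOTE_ADDR."""
    for pattern, negated in conds:
        matched = re.search(pattern, remote_addr) is not None
        if matched == negated:  # plain cond did not match, or negated cond did
            return False
    return True


def status(remote_addr, path, conds=CONDS):
    """Predicted HTTP status: 403 when the rule fires with [F], otherwise 200."""
    if re.search(RULE, path) and conds_hold(remote_addr, conds):
        return 403
    return 200


def audit(addresses, path, conds=CONDS):
    """Map each address to its predicted status for one request path."""
    return {addr: status(addr, path, conds) for addr in addresses}


# Constructed sample clients: the exempt host, a neighbour, an outsider.
SAMPLE = ["192.168.1.100", "192.168.1.101", "10.0.0.5"]

# Why the backslashes matter: an unescaped "." matches any character,
# so the range pattern would also catch addresses in 192.168.10.x.
UNESCAPED = [(r"^192.168.1.", False)]

if __name__ == "__main__":
    for addr, code in audit(SAMPLE, "private/index.html").items():
        print(f"{addr:15s} -> {code}")
    print("unescaped pattern catches 192.168.10.7:",
          conds_hold("192.168.10.7", UNESCAPED))
```
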

gerg

9:55 pm on Mar 10, 2006 (gmt 0)

10+ Year Member



Great, thanks for the feedback. I've gone over the situation a few more times and now contacted my server admin to see if they have any thoughts. Couldn't have made it this far without the friendly advice.

Cheers.