0

Im trying to host a index for my project logs on apache to be accessed from the internal network.

The website location is /srv/www/htdocs. I tried to put the allow ip in the .htaccess file there and it didn't work there.

I also tried putting it in the httpd.conf file httpd.conf

That did not work also. Im trying to only get one computer on a static IP to access it. The apache 2.4 is running on OpenSuse

# global (server-wide) SSL configuration, that is not specific to 
# any virtual host
Include /etc/apache2/ssl-global.conf

# global (server-wide) protocol configuration, that is not specific
# to any virtual host
Include /etc/apache2/protocols.conf

# forbid access to the entire filesystem by default
<Directory />
    Options None
    AllowOverride ALL
    <IfModule !mod_access_compat.c>
        Require all denied
    </IfModule>
    <IfModule mod_access_compat.c>
        Order deny,allow
        Deny from all
    </IfModule>
</Directory>

<Directory "/var/www/htdocs/">
Options Indexes FollowSymLinks
AllowOverride None
REquire all denied
Require ip 192.168.30.54
</Directory>

# use .htaccess files for overriding,
AccessFileName .htaccess
# and never show them
<Files ~ "^\.ht">
    <IfModule !mod_access_compat.c>
        Require all denied
    </IfModule>
    <IfModule mod_access_compat.c>
        Order allow,deny
        Deny from all
    </IfModule>
</Files>

v:78.0) Gecko/20100101 Firefox/78.0"
192.168.30.13 - - [26/Feb/2021:00:23:54 -0500] "GET / HTTP/1.1" 200 2257 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.30.13 - - [26/Feb/2021:00:23:54 -0500] "GET /favicon.ico HTTP/1.1" 404 985 "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"
192.168.30.13 - - [26/Feb/2021:00:34:13 -0500] "GET / HTTP/1.1" 304 - "-" "Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0
Mr Song
  • 1
  • 2

1 Answers1

2

The correct entry in httpd.conf should be:

   <Directory "/var/www/html">
    Options Indexes FollowSymLinks
    AllowOverride None
    Require all denied
    Require ip 192.168.0.10
   </Directory>

You should place it in a <Directory> section. For more info you can consult *moth_authz_core documentation: https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html

basekat
  • 456
  • 2
  • 5
  • How and where in the file would I place this. – Mr Song Feb 24 '21 at 19:30
  • I have edited my answer – basekat Feb 24 '21 at 19:45
  • i placed it after and still allowing everyone in – Mr Song Feb 24 '21 at 20:30
  • @MrSong I have edited my answer and retested it on my machine. I can confirm that it is working. If it is still doesn't work, please provide your httpd.conf and the output of httpd -M – basekat Feb 25 '21 at 05:09
  • linux-lkbt:/etc/apache2 # httpd -M AH00557: httpd: apr_sockaddr_info_get() failed for linux-lkbt AH00558: httpd: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1. Set the 'ServerName' directive globally to suppress this message Loaded Modules: core_module (static) so_module (static) http_module (static) mpm_prefork_module (static) unixd_module (static) systemd_module (static) actions_module (shared) alias_module (shared) auth_basic_module (shared) authn_file_module (shared) authz_host_module (shared) – Mr Song Feb 25 '21 at 05:43
  • I can see that authz_host_module is loaded, so it is good. What about your httpd.conf, can you share it? – basekat Feb 25 '21 at 05:58
  • I added the httpd.conf to the original post up top as it did not fit here. – Mr Song Feb 26 '21 at 05:20
  • The httpd.conf seems correct. Have you restarted the apache after modifying the configuration? Could you please provide an excerpt from your access.log for the IP 192.168.30.54 making a GET request? – basekat Feb 26 '21 at 05:30
  • Its allowing 192.168.30.54 to access the site, but its not blocking the other ips – Mr Song Feb 26 '21 at 05:49
  • Sorry! I have meant an IP which is different than 192.168.30.54. Can you provide log output? – basekat Feb 26 '21 at 05:53
  • I edited my first post to fit it all. – Mr Song Feb 26 '21 at 05:58
  • Ok, I have seen it. What about your directory location? In the post you are writing /srv/www/htdocs , but in the config it is /var/www/htdocs? Do you have some sort of symlink? Can you try to correct it in the httpd.conf? – basekat Feb 26 '21 at 06:05
  • Nope thats a type. Let me see if that fixes things – Mr Song Feb 26 '21 at 06:11
  • I fixed the typo and it did noting. – Mr Song Feb 26 '21 at 06:12