We have a server with a lot of domains. Each domain will have one or more of the following admin areas that we wish to secure by IP:

  • domain.tld/admin (admin area)
  • domain.tld/blog/wp-admin (WordPress admin area in blog sub-dir)
  • domain.tld/wp-admin (WordPress admin area)

This is a snippet from the Apache config we use to secure all of these on all sites:

<Directory ~ "^/home/user/apache/[^/]+/public/((blog/)?wp\-)?admin">
  AllowOverride All
  Order Deny,Allow
  Deny from all
  Allow from 123.45.67.89 23.45.67.89 34.56.78.90
</Directory>

This restricts any of the above folders to be viewable to those IP addresses only. For most of the sites and blogs this works perfectly. However, on one small site this isn't working.

The difference, I think, might be that the admin folder on this site doesn't actually exist; instead, a RewriteRule is matched to serve that page from the index page. What's weird, though, is that it does block /admin and gives a 403 error, but it doesn't allow the IPs listed in the Allow from rule.

Why does the directory match and deny, but not allow? Is this expected behaviour? How can I fix this?

Leonard Challis

1 Answer

For locations that aren't directories, use <Location> instead of <Directory>.

Jenny D
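
The answer's suggestion written out as configuration, as an added example that is not part of the original answer: the same IP restriction keyed on the URL path with <LocationMatch> (the regex form of <Location>). The IP addresses are the ones from the question; the (/|$) ending of the pattern and the Apache 2.4 alternative in the comments are assumptions added here.

```apache
# Added example, not from the original post.
# <LocationMatch> tests the request URL path, not the filesystem path,
# so the rule does not depend on an admin/ directory existing on disk
# (for example when /admin is served from the index page by a RewriteRule).
#
# Matches /admin, /wp-admin and /blog/wp-admin plus anything below them.
# The (/|$) ending is an added tightening (assumption): without it the
# pattern would also cover URLs such as /administrator.
<LocationMatch "^/((blog/)?wp-)?admin(/|$)">
  # AllowOverride is only valid inside <Directory>, so it is left out here.
  Order Deny,Allow
  Deny from all
  Allow from 123.45.67.89 23.45.67.89 34.56.78.90
</LocationMatch>

# Apache 2.4 form of the same rule (mod_authz_core); use it in place of
# the Order/Deny/Allow lines above:
#   Require ip 123.45.67.89 23.45.67.89 34.56.78.90
```

The block belongs in the server or virtual-host configuration, since <Location> sections are not permitted in .htaccess files.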