1

I have the following code in my virtual host file:

<VirtualHost 198.71.60.211:80>
     ServerAdmin something@site.com
     ServerName mysite.com
     DocumentRoot /var/www/mysite.com/public_html/
     ErrorLog /var/www/mysite.com/logs/error.log
     CustomLog /var/www/mysite.com/logs/access.log combined

<Directory /var/www/mysite.com>
  order deny,allow
  deny from all
  allow from 97.107.131.11
</Directory>

Then i restarted apache. But for some reason, everyone can still see the website. I want only users with IP address 97.107.131.11 to be able to see my site.

What am I doing wrong?

John
  • 7,343
  • 23
  • 63
  • 87
  • How are you testing? What URL are you using? – David Schwartz Aug 01 '14 at 23:07
  • I tested by going to the actual url `http://mysite[dot]com` . I can't disclose the url right now. But when i tell my friends to go to it, they can see the site . I remember the code above worked before on another CentOS server. But it doesn't seem to be working on this ubuntu server. Am I missing modules for apache or something? – John Aug 01 '14 at 23:49
  • I don't really follow. In the DNS settings for mysite.com, i made an A record with the ip address 198.71.60.211, because that's the IP address of my ubuntu/apache server. Then I'm expecting anyone with an authorized IP address to be able to type http://mysite[dot]com into their browser and see the pages served from the /var/www/mysite.com/public_html folder. The only issue is that Apache isn't denying non-97.107.131.11 ip address users. Everyone is seeing the contents of /var/www/mysite.com/public_html . Can you tell me what I mis-understood about the set up? – John Aug 02 '14 at 00:05
  • 1
    You're 100% positive the URL contains `/mysite.com/` and not a `www` or anything else in there? – David Schwartz Aug 02 '14 at 00:43
  • yeah i don't use the www version. The www version is actually a different site all together. – John Aug 02 '14 at 01:33
  • Maybe it's because the `Directory` directive is for a path that's outside of the site's root? That definitely seems like a mistake, but I'm not sure what consequences it would have. – David Schwartz Aug 02 '14 at 01:34
  • 1
    Please share your complete config, a block with Allow from all could thwart this. – fuero Aug 02 '14 at 02:30
  • @fuero that is my complete vhost file aside from another default vhost that comes with apache. What is this Location block you speak of? I've never used it before – John Aug 02 '14 at 13:19

2 Answers2

1

Possible answer:

https://stackoverflow.com/questions/19711716/apache-restrict-access-to-specific-source-ip-inside-virtual-host

Ensure you are loading mod_authz_host

Community
  • 1
skonka
  • 91
  • 1
  • 4
0

Double check your DNS lookup for your "mysite.com" from your friend's computers - they could be connecting through a different interface to the service with the same DocumentRoot, or a page which looks the same as what you're trying to protect.

Bee Kay
  • 164
  • 7