How to forbid access to admin URL path in Apache config by IP subnet?

Question

I want to only allow a private IP range to be able to access the administrator panel on my site.

I found an article explaining how to do it for a specific directory path, such as /var/www/admin/, but not by URL. I am unable to use the exact directory path because I'm using an MVC framework that doesn't have static files I can point to.

Is it possible to do this in a virtual host configuration?

The pseudo code in my head would look something like this,

<Directory $domain/admin>
  Order allow,deny
  Allow from 192.168.1.0/24
</Directory>

score 5 · Answer 1 · answered Aug 18 '15 at 04:30

5

You can use the <location> block

<Location /admin>
    Order Allow,Deny
    Deny from  all
    Allow from 192.168.1.0/24
</Location>

answered Aug 18 '15 at 04:30

Mike

22,310
7
56
79

Are you sure "Location" is the right directive? Note from docs: `It is important to never use when trying to restrict access to objects in the filesystem. This is because many different webspace locations (URLs) could map to the same filesystem location, allowing your restrictions to be circumvented. For example, consider the following configuration:` (https://httpd.apache.org/docs/2.4/sections.html#whichwhen) – kanlukasz Jul 27 '20 at 10:10

How to forbid access to admin URL path in Apache config by IP subnet?

1 Answers1