Allow/block access to a specific path with apache 2.4 failing

Question

I have a django website project deployed in an enviroment from AWS Beanstalk. I'm trying write configs to apache block access to a specific path (/admin). I avoid change wsgi.conf file, instead I writing package.config in .ebextensions folder, like following:

"/etc/httpd/conf.d/block_admin.conf":
  mode: "000644"
  owner: root
  group: root
  content: |
  <Location /admin>
     <RequireAll>
         Require ip <my_ip>/32
         Require all denied
     </RequireAll>
  </Location>

That code is denying all access to "/admin", include from my ip. I get my ip from services like what is my ip.

What am i doing wrong?

PS: My english is a working in progress....

Robert · Answer 1 · 2018-11-19T18:55:38.950

0

The <RequireAll> encloses a group of authorization directives of which none must fail and at least one must succeed in order for the <RequireAll> directive to succeed; Thus, RequireAll requires (no pun intended) that "Require all denied" must not fail, which is perhaps not what was desired.

Have you tried just the "Require ip/netmask" by itself?

<RequireAll>
  Require ip <my_ip>/32
</RequireAll>

The single 'Require ip network/mask' should be sufficient for RequireAll to block access from anywhere else.

edited Nov 19 '18 at 18:55

answered Nov 19 '18 at 17:54

Robert

101
3

Thanks, but this suggestion did not work. Is there any other? All access keep returning http 403. – Paulo Vinícius Nov 19 '18 at 18:11
That was a good point, but keeping returning HTTP 403. I tried my home ip too, and keeping failing. – Paulo Vinícius Nov 22 '18 at 11:53

Allow/block access to a specific path with apache 2.4 failing

1 Answers1