42

How to allow access to a file only to users whose IP is in a range of IP addresses?

For example, file admin.php and range from 0.0.0.0 to 1.2.3.4.

I need to configure access to only ONE file, not to a directory.

Wim Coenen
Mirgorod

8 Answers

48

Just add a FilesMatch or Files directive to limit it to a specific script.

The following would block access to all scripts ending in "admin.php":

<FilesMatch "admin\.php$">
    Order deny,allow
    Deny from all
    Allow from 10.0.0.0/24
</FilesMatch>

The following would ONLY block admin.php :

<Files "admin.php">
    Order deny,allow
    Deny from all
    Allow from 10.0.0.0/24
</Files>

For more information refer to the Apache docs on Configuration Sections.

wimvds
35

Check the man page of the Allow Directive

Order Deny,Allow
Deny from all
Allow from 10.1.0.0/255.255.0.0

A partial IP address

Example:

Allow from 10.1
Allow from 10 172.20 192.168.2

The first 1 to 3 bytes of an IP address, for subnet restriction.

A network/netmask pair

Example:

Allow from 10.1.0.0/255.255.0.0

A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction.

A network/nnn CIDR specification

Example:

Allow from 10.1.0.0/16

Similar to the previous case, except the netmask consists of nnn high-order 1 bits.

Regolith
Pascal Qyy
  • But how to use it for example for admin.php file? – Mirgorod Feb 18 '11 at 14:44
  • Am I on the right lines here to adding 2 ip ranges to my allow from code in htaccess? http://stackoverflow.com/questions/31833456/how-do-i-allow-these-two-ip-ranges-in-my-htaccess-file – James Wilson Aug 05 '15 at 14:42
  • "the netmask consists of nnn high-order 1 bits." - what does that mean? Is it about the "/16"? I see this notation often, but have yet to find an explanation for it. – Ralf Mar 22 '19 at 14:53
  • Got it, came across by accident: the secret word is "CIDR-Format" – Ralf Mar 22 '19 at 15:34
11

You cannot match an IP range with allow, but you can emulate it with a CIDR notation:

Order allow,deny

# 0.0.0.0 - 0.255.255.255
Allow from 0.0.0.0/8

# 1.0.0.0 - 1.1.255.255
Allow from 1.0.0.0/15

# 1.2.0.0 - 1.2.1.255
Allow from 1.2.0.0/23

# 1.2.2.0 - 1.2.2.255
Allow from 1.2.2.0/24

# 1.2.3.0 - 1.2.3.3
Allow from 1.2.3.0/30

# 1.2.3.4
Allow from 1.2.3.4
Rangi Lin
phihag
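The range-to-CIDR decomposition worked out by hand in the answer above, generalized to any start and end address, as an added example that is not part of the original answers. The function names are hypothetical; `legacy=False` emits the Apache 2.4 `Require ip` form, which this page does not cover.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR networks covering first..last inclusive."""
    lo = ipaddress.ip_address(first)
    hi = ipaddress.ip_address(last)
    if lo.version != hi.version:
        raise ValueError("first and last must be the same IP version")
    if lo > hi:
        raise ValueError("first address is above last address")
    return list(ipaddress.summarize_address_range(lo, hi))


def in_range(addr, cidrs):
    """Check one address against the generated networks (sanity test)."""
    ip = ipaddress.ip_address(addr)
    return any(ip in net for net in cidrs)


def files_block(filename, first, last, legacy=True):
    """Build a <Files> section that admits only first..last for one file."""
    # Refuse names that would break out of the quoted directive argument.
    if '"' in filename or "\n" in filename or "\r" in filename:
        raise ValueError("unsafe character in filename")
    cidrs = range_to_cidrs(first, last)
    lines = ['<Files "%s">' % filename]
    if legacy:
        # Apache 2.2-style directives, as used in the answers on this page.
        lines += ["    Order deny,allow", "    Deny from all"]
        lines += ["    Allow from %s" % net for net in cidrs]
    else:
        # Apache 2.4 form: several Require lines are OR-ed together.
        lines += ["    Require ip %s" % net for net in cidrs]
    lines.append("</Files>")
    return "\n".join(lines)


if __name__ == "__main__":
    # The range from the question: 0.0.0.0 to 1.2.3.4, for admin.php only.
    print(files_block("admin.php", "0.0.0.0", "1.2.3.4"))
```

Checking the boundary addresses with `in_range` before deploying confirms that the last address of the range is admitted and the one after it is not.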
4

Just do this for a single IP:

<Limit GET POST>
order deny,allow
deny from all
allow from 1.2.3.4
</Limit>

If you want to do it for a range like 10.x.x.x, then do this:

<Limit GET POST>
order allow,deny
allow from 10
deny from all
</Limit>
shamittomar
1

If you are using WordPress, then the Best and Simplest method is to install the plugin - LionScripts : WordPress IP Blocker from their website http://www.lionscripts.com/ip-address-blocker

Their Professional version has many more features, like country blocking, IP range blocking, bulk CSV uploading, etc.

1

If you want to provide a wildcard 0.0.255.255:

Order allow,deny
# 1.2.0.0 - 1.2.255.255
Allow from 1.2.0.0/16

This will give a range from 1.2.0.1 - 1.2.255.254

you can also check here

Allahbakash.G
0

I wanted to redirect all but certain IPs to a maintenance page (our IPs are all on the same network). The following worked, based on shamittomar's answer above:

# TEMP MAINTENANCE PAGE
# MAINTENANCE-PAGE REDIRECT
<IfModule mod_rewrite.c>
 RewriteEngine on
# One address that is on a different network
 RewriteCond %{REMOTE_ADDR} !^xxx\.xxx\.xxx\.xxx
#allow all addresses from our network
 RewriteCond %{REMOTE_ADDR} !^xx\.xxx

#Stuff to allow so that we can show our maintenance page while we work
 RewriteCond %{REQUEST_FILENAME} !(styles|images).+$
 RewriteCond %{REQUEST_URI} !maintenance.html$ [NC]
 RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif|js|css|ttf|woff) [NC] 
 RewriteRule .* /maintenance.html [R=302,L]
</IfModule>
Goody Buy
-3
Order Deny,Allow
Deny from all
Allow from 311.311.311 322.322.322.322

See answer here

Community
xzyfer