0

While editing my website I wanted to make it safer. One thought was to restrict the access of specific URLs like /admin or /login based on the IP adress.

So noone should be able to access those URLs without one of the set IP adresses.

As soon as I add the following part to my .htaccess and reload my apache2 service the whole website goes down resulting in an Internal Server Error. If I remove it everything works fine again.

# Restrict Suburl Access
<Location /admin>
  Order deny,allow
  Deny from all
  Allow from 87.158.*.*
  Allow from AnotherIP
</Location>

The rest of the .htaccess works fine:

# Remove index.php of WordPress
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteBase /
RewriteRule ^index\.php$ - [L]
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /index.php [L]
</IfModule>

# Redirect 403 to custom 404 page
ErrorDocument 403 /404

Thankful for every helpful information!

DasNerdwork
  • 3
  • 6
  • I don't think you need the wilcards in the ip addresses. Try `Allow from 87.158`. You also need at least `AllowOverride Limit` in your main config – msg Oct 11 '18 at 16:25
  • Just did not want to type the whole IP adress, wasn't meant as a wildcard – DasNerdwork Oct 11 '18 at 16:33
  • Also only works with AllowOverride All, otherwise I'll get the Internal Server Error instantaneously – DasNerdwork Oct 11 '18 at 16:35
  • Right. You might need `All` for other settings that's why I said "at least". But it seems [you can't use `Location`](https://httpd.apache.org/docs/current/en/mod/core.html#location) directives in `.htaccess` context... – msg Oct 11 '18 at 16:37
  • Found out why, [here](https://stackoverflow.com/questions/6667894/htaccess-location-not-allowed-here) is what you just said written down :) Thanks for the advice! – DasNerdwork Oct 11 '18 at 19:19

0 Answers0