1

I need to block access to my entire site by IP address, except the URL /api, which should be open to all.

I am currently using ...

<LocationMatch /admin>
    Order Deny,Allow
    Deny from all
    Allow from [MY IP]
</LocationMatch>

This blocks access to URLs starting with /admin. But I want to block all URLs except the ones that start with /api.

Chris

Chris Rowe

2 Answers

2
# RewriteEngine On only needs to happen once in .htaccess files.
RewriteEngine On

RewriteBase /
# <-- YOUR IP HERE
RewriteCond %{REMOTE_ADDR} !^10\.103\.18\.104$
# page or directory to ignore
RewriteCond %{REQUEST_URI} !^/api
# where to send blocked requests
RewriteRule ^(.*)$ http://example.com/no_access.html [R=401]

Eddie
  • Can't get this to work. I get an error 401 Authentication required. – Chris Rowe Oct 12 '09 at 15:13
  • Rewrite requires the use of an additional module. It would still be better to use core. – mauris Oct 13 '09 at 09:09
  • @Chris - the code I supplied returns a 401 to the browser if your IP does not match. @Mauris - that is true. But not all users have access to the core config file, and rewrite works at a directory level. Compromise? Use location to lock down the entire site (replace '/admin' with '/'). Use an additional location block to unlock /api (reverse deny,allow to allow all). – Eddie Oct 20 '09 at 12:20
0

Well, you can first block the whole site, then simply allow /api.

<LocationMatch />
    Order Deny,Allow
    Deny from all
    Allow from [MY IP]
</LocationMatch>

<LocationMatch ^/api>
    Order Deny,Allow
    Allow from all
</LocationMatch>

Sorry I couldn't test it due to the way XAMPP is configured on my PC. Pray it works.

mauris
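
The same "lock down the site, then open /api" layout in Apache 2.4 syntax, where Order/Deny/Allow are only available through mod_access_compat. This is an added example, not part of the original answers; it assumes Apache 2.4 with mod_authz_core and mod_authz_host, and 203.0.113.10 is a placeholder for the admin address.

```apache
# Added example. 203.0.113.10 is a placeholder (documentation address range);
# replace it with the address that should keep full access.

# Default for the whole site: only the admin address is admitted.
<Location "/">
    Require ip 203.0.113.10
</Location>

# <Location> sections are applied in the order they appear, and with the
# default "AuthMerging Off" the Require below replaces the one above
# for every URL this section matches.
#
# <Location "/api"> matches /api, /api/ and /api/anything, but not
# /apiary or /admin/api. An unanchored <LocationMatch /api> is a regex
# search and would match both of those, opening them to everyone.
<Location "/api">
    Require all granted
</Location>
```

After reloading, request /api and a non-API path from an address other than the admin one and confirm the second returns 403.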