How to use HTACCESS to block all visits to a specific subdomain, except from defined IP's

Question

Scenario:

A single TYPO3 installation running multiple websites with multiple (sub)domains.

What I'm trying to achieve:

For one specific website I want to be able to block all traffic from the outside world, except visitors coming from the company's IP addresses.

Pseudocode:

Block all visitors to this specific subdomain, except people coming from the following IP addresses.

How would I do this?

anubhava · Accepted Answer · 2018-04-02T07:08:46.030

3

You can use something like this code in your DOCUMENT_ROOT/.htaccess file:

RewriteEngine On

RewriteCond %{HTTP_HOST} ^(?:www\.)?subdomain\.com$ [NC]
RewriteCond %{REMOTE_ADDR} !^(127\.0\.0\.1|192\.168\.|10\.|1\.2\.3\.4)$
RewriteRule ^ - [F]

edited Apr 02 '18 at 07:08

answered Feb 10 '15 at 16:47

anubhava

761,203
64
569
643

"`${ipmap:%{REMOTE_ADDR}}`" - should be simply `%{REMOTE_ADDR}` in this example. (`ipmap` refers to a rewrite map, which hasn't been defined here, but also doesn't appear to be required). – MrWhite Apr 02 '18 at 01:11
1

You're right @MrWhite, I guess it was some bad copy/paste. Fixed it now and thanks for highlighting it. – anubhava Apr 02 '18 at 07:09

score 2 · Answer 2 · answered Feb 10 '15 at 17:01

Just use a simple auth block in your htaccess file in the documentroot of the subdomain. That's what it's for.

In Apache 2.2

order deny,allow
deny from all
#use your company's WAN IP addresses etc
allow from 192.168.0.1 192.168.0.2 192.168.0.3

Or if you are using Apache 2.4, you can use this in your htaccess

#this is your company's WAN IP addresses etc
Require ip 192.168.0.1 192.168.0.2 192.168.0.3

How to use HTACCESS to block all visits to a specific subdomain, except from defined IP's

2 Answers2