0

I have installed rockmongo, and i want only i can access it via web.i have put this rule in .htaccess 

order allow,deny
allow from 118.67.228.162
deny form all

But this deny every one including myself.It was working fine earlier

Vikash Pandey
  • 5,407
  • 6
  • 41
  • 42
amit singh
  • 219
  • 4
  • 22
  • .htaccess processing is sequential. Try denying all first and then allowing the IP. So, swap your lines 2 and 3. – Jordi Nebot May 31 '16 at 07:29
  • Still, result is same – amit singh May 31 '16 at 07:48
  • Ouch! You should also change `order allow,deny` for `order deny,allow`. Also, please check [this](http://stackoverflow.com/a/4400412/1534704) and [this answers](http://stackoverflow.com/a/10078317/1534704) – Jordi Nebot May 31 '16 at 07:52

1 Answers1

1

Upfront see Access control by host

The Allow, Deny, and Order directives, provided by mod_access_compat, are deprecated and will go away in a future version. You should avoid using them, and avoid outdated tutorials recommending their use.

Your directives reject everyone, because of 

Order Allow,Deny
Deny from all

See Order for an explanation

Allow,Deny
First, all Allow directives are evaluated; at least one must match, or the request is rejected. Next, all Deny directives are evaluated. If any matches, the request is rejected. Last, any requests which do not match an Allow or a Deny directive are denied by default.

If you want to use it anyway, see the first example in Order

In the following example, all hosts in the example.org domain are allowed access; all other hosts are denied access.

Order Deny,Allow
Deny from all
Allow from example.org

For a specific IPv4 address this would be

Allow from 1.2.3.4

If the client uses IPv6, the example would look like 

Allow from 2001:db8:85a3::8a2e:370:7334

To find out which address is appropriate, access the web site and look into Apache's access.log file. At the end of the file, you will find something like

1.2.3.4 - - [01/Jun/2016:10:10:58 +0200] "GET / HTTP/1.1" 403 492 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"

when it is IPv4, or

2001:db8:85a3::8a2e:370:7334 - - [01/Jun/2016:10:10:58 +0200] "GET / HTTP/1.1" 403 492 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:45.0) Gecko/20100101 Firefox/45.0"

when it is an IPv6 address.

Olaf Dietsche
  • 72,253
  • 8
  • 102
  • 198
  • Thanks for explanation, but i already tried this, but still no luck.funny thing is if a use `allow from all` it works.but not works for individual ip – amit singh May 31 '16 at 18:01
  • Well, `Allow from all` in this context does exactly what it says ;-). I just tested the first example on my system and it works as advertised. It *might* not work when the client connects with IPv6 addresses. Please see my updated answer. – Olaf Dietsche Jun 01 '16 at 08:15
  • Thanks, stupid me, i should have checked the log first. My server is behind the an aws elb and that is and it was denied because it was accessed by elb. that is why it was not working. – amit singh Jun 01 '16 at 09:42