httpd-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From MegaBrutal <megabru...@gmail.com>
Subject Re: [users@httpd] Access control with source IP addresses
Date Mon, 01 Dec 2014 13:20:44 GMT
2014-11-21 12:48 GMT+01:00 Rainer M. Canavan <rainer.canavan@sevenval.com>:
>
> On Nov 21, 2014, at 08:48 , Bu Xiaobing <buxiaobing@ewellsoft.com> wrote:
>
>> Hi All,
>>
>> I want to do the httpd URL access control through visitors' IP addresses as the following
:
>>
>> all source IP address can visit  ^/action.php?login
>> and only specified IP addresses can visit ^/action.php?manage
>>
>> Anyone can give me some advises?
>
> You've probably noticed that the usual mechanisms like Directory, Location and
> LocationMatch don't evaluate the query string. You'll probably have to
> use a RewriteRule preceded by
>
> RewriteCond %{QUERY_STRING} manage
>
> or something similar, in combination with
>
> <Location /action.php>
>  Allow From IP.IP.IP.IP
> </Location

It also worth to clarify the Apache version in question, as it's a
major change between 2.2 and 2.4 that Allow, Deny directives got
deprecated, and should be updated to Require. Some recent Linux
distros and FreeBSD already ship 2.4, so I think it's time to get
familiar with its features and caveats.

I know the question is how to solve access control in Apache, but in
this particular case I'd also consider to make the distinction at
PHP-level. Most PHP-based websites do that and don't rely on the web
server config to do proper access control.

Be prepared to also account for IPv6 addresses, if your web server
also serves over IPv6.

---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@httpd.apache.org
For additional commands, e-mail: users-help@httpd.apache.org


Mime
View raw message