Hello, I am wanting to restrict a subdirectory of a website to a single, maybe two, IP addresses. I will refer to this documentation: httpd.apache.org/docs/current/howto/access.html under the section "Access control by host". This document suggests that 'Allow', 'Order', and 'Deny' are deprecated, so I am avoiding using these going forwards. It decided to exercise this restriction with mod_authz_host. I verified that authz_core_module, authz_host_module, authz_user_module are enabled. I added these lines inside the <VirtualHost *:443> block: <Directory /var/www/html/graphs> Require ip 192.168.40.80 </Directory> But a test revealed I was able to wget graphs/test.html on a different machine (192.168.40.81). I've only read the documentation. Practically every non-Apache website still uses Order-Allow-Deny methodologies, so it's still not clear how this is actually done in practice. Why did this not work? Thanks, Timothy D Legg --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|