In my scenario, that might work, and I appreciate the elegance of high-order switches to access. However, my exact question would lead to a more useful solution for myself and others. Lets consider, for example, I created a dashboard in PHP for modifying my SQL database. It would be best to have a user authentication written into the PHP, but I'm in a hurry and have a static IP so I think to myself, "Hey, this IP never changes. I'm the only one on my network. Lets block this access according to path and IP address. I'll put in 192.168.40.80 and nobody else can get there unless they are physically in my house or logged in my console." Another case would be I might have an embedded system on manufacturing equipment that provides access to: an operator (x.x.40.70), a supervisor (x.x.40.80) and an IT technician (v.w.y.z). They may need to access certain restricted portions of the webserver from permanently fixed terminals an a piece of machinery. It might not be in the supervisor's interest to have the operator's web-dashboard be allowed to modify the parameters of the machine. The IT administrator would probably not want the supervisor accessing admin tools, such as phpmyadmin. > you could try /etc/hosts.deny > > On Fri, Dec 1, 2017 at 4:03 AM, Timothy D Legg <apache@xxxxxxxxxxxxxxx> > wrote: > >> Hello, >> >> I am wanting to restrict a subdirectory of a website to a single, maybe >> two, IP addresses. >> >> I will refer to this documentation: >> httpd.apache.org/docs/current/howto/access.html >> under the section "Access control by host". >> >> This document suggests that 'Allow', 'Order', and 'Deny' are deprecated, >> so I am avoiding using these going forwards. It decided to exercise >> this >> restriction with mod_authz_host. I verified that authz_core_module, >> authz_host_module, authz_user_module are enabled. >> >> I added these lines inside the <VirtualHost *:443> block: >> >> <Directory /var/www/html/graphs> >> Require ip 192.168.40.80 >> </Directory> >> >> But a test revealed I was able to wget graphs/test.html on a different >> machine (192.168.40.81). >> >> I've only read the documentation. Practically every non-Apache website >> still uses Order-Allow-Deny methodologies, so it's still not clear how >> this is actually done in practice. Why did this not work? >> >> Thanks, Timothy D Legg >> >> >> --------------------------------------------------------------------- >> To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx >> For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx >> >> > --------------------------------------------------------------------- To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
|