Re: Access restriction to a particular folder by IP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Sun, Sep 6, 2009 at 4:54 PM, Markus Wolf<makuswolf03@xxxxxxxxx> wrote:
> I have directories that contain IP addresses.
>
> /171.35.110.12_some_characters
> /172.30.97.4_some_other_random_characters
>
> Now I would like to only allow access to a folder in .htaccess when the referer IP address matches the first part of the directory name.

What do you actually mean with the "referer IP address". The referrer
is normally the URL of the page the URL of the current request was
found on. It will normally be hostname based, not IP. Furthermore the
reffere url is based on a header set by the browser, so it is not a
good idea to base security on it, as it is easily manipulated.

Or maybe you want to restrict access based on client IP? That is
something different, however.



> Basically:
>
> <Directory /171.35.110.12_*>
> Order Deny,Allow
> Deny from All
> Allow from 171.35.110.12
> </Directory>
>
> I reckon it'd be a bit of an overkill if I created an entry for every possible IP address. ;)
>
> Is it somehow possible to automate this restriction by using some sort of variables?
>
> Something like this, to catch all existing folders:
>
> <Directory /($REFERER_IP)_*>
> Order Deny,Allow
> Deny from All
> Allow from ($REFERER_IP)
> </Directory>
>
> If it's possible to do it, what would the exact syntax look like?

Well, for startesr, there is no "REFERER_IP" environment variable, and
you can't use environment variables in this way anyway.

If you want complex authentication you could do something with
RewriteRules. But could you first be more clear about what it is you
want to achieve'

Krist

-- 
krist.vanbesien@xxxxxxxxx
krist@xxxxxxxxxxxxx
Bremgarten b. Bern, Switzerland
--
A: It reverses the normal flow of conversation.
Q: What's wrong with top-posting?
A: Top-posting.
Q: What's the biggest scourge on plain text email discussions?

---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
[Index of Archives]     [Open SSH Users]     [Linux ACPI]     [Linux Kernel]     [Linux Laptop]     [Kernel Newbies]     [Security]     [Netfilter]     [Bugtraq]     [Squid]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Samba]     [Video 4 Linux]     [Device Mapper]

  Powered by Linux