Allow request coming from specific IP only [closed]

Question

I have application hosted Apache UNIX, and I am allowing users to access the application url from citrix environment (from citrix machine).

However, currently its possible to access the url from all the connected machines. I would like to put the restriction that it should be only accessed from citrix machine. So if any one needs to access it, he needs access to citrix machine.

I tried with below:

<Directory /APP>

    Order Deny,Allow

    Deny from all

    Allow from 160.120.25.65

    Allow from 127

</Directory>

it didn't work. Any suggestion?

Few replied with iptables solution, however this one loaded on Solaris (it doesn't have builtin firewall to OS as linux).

Answer 1

This should do what you need:

<Directory /APP>

    Order Allow,Deny

    Allow from 160.120.25.65
    Allow from 127.0.0.0/8

</Directory>

See the mod_authz_host documentation for details.

Answer 2

What version of Apache are you running? The IP allowing mechanisms are, AFAIK, provided by mod_authz_host, which was introduced in 2.2 (well, 2.1 technically). If you do have 2.2, make sure it wasn't compiled with mod_authz_host disabled.

Generally speaking, though, you may find a simpler and more robust solution is the iptables or other firewalling suggested in the other answers.