Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Apache HTTP Server: How to restrict access to directory listings to some ip ranges?

In Apache HTTP Server 2.4: How to restrict access to directory listings to some ip ranges? Files should be still publicly downloadable over URLs but directory listings should be restricted.

like image 374
Igor Mukhin Avatar asked Jun 30 '15 13:06

Igor Mukhin


People also ask

What is Apache directory listing?

In Apache, directory listing is a default behavior that displays the contents of a directory if there is no default index file such as index. php or index. html.

What is require all granted in Apache?

For example, if you have someone spamming your message board, and you want to keep them out, you could do the following: <RequireAll> Require all granted Require not ip 10.252. 46.165 </RequireAll> Visitors coming from that address ( 10.252. 46.165 ) will not be able to see the content covered by this directive.

Why is access control by user agent considered an unreliable technique?

Access control by User-Agent is an unreliable technique, since the User-Agent header can be set to anything at all, at the whim of the end user. In the above example, the environment variable GoAway is set to 1 if the User-Agent matches the string BadBot . Then we deny access for any request when this variable is set.


1 Answers

This is possible with <If> Expression.

This is your vhost/conf:

<VirtualHost *:80>
        DocumentRoot /var/www/html

        Options -Indexes        # disable listing
        <If "%{REMOTE_ADDR} == '10.0.0.5'">
            Options +Indexes    # enable listing if ip matches
        </If>
</VirtualHost>

<Directory /var/www/html>
        Require all granted
</Directory>

Tested it with Ubuntu Server and Windows with Apache 2.4 – sadly this won't work with older Apache versions.


For IP ranges it is possible to use another way to check the IP:

<If "%{REMOTE_ADDR} -ipmatch '10.0.0.0/8'">

or faster way is with -R:

<If "-R '192.168.0.0/16' || -R '10.0.248.0/24'">
like image 97
CodeBrauer Avatar answered Sep 25 '22 13:09

CodeBrauer