Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Apache2 access restricted to local LAN

Until recently, I had a bunch of virtual sites set up like so:

<VirtualHost 127.0.0.1:1234>
    ...

This works fine for testing on my local machine, where I use a Linux desktop. In order to test how MS and explorer displays my pages from my Windows laptop, I changed this to

<VirtualHost *:1234>
    ...

Which also works fine, calling the site up from http://[mylinuxservername]:1234 on my laptop's IE. However, I want to restrict that wildcard to the local lan. Plugging in any ip, like 192.nnn.nnn.nnn or 192.*.*.* where the wildcard is above results in 403 Forbidden on the windows machine. The local server still works fine on my Linux box:

<VirtualHost 127.0.0.1:1234 192.*.*.*:1234>
    ...

or

<VirtualHost 127.0.0.1:1234 192.nnn.nnn.nnn:1234> #exact IP of laptop
    ...

Anyway, I don't like that wildcard in the second config example above. Hints anyone?

like image 368
user105090 Avatar asked Jun 16 '09 15:06

user105090


2 Answers

The parameter(s) of VirtualHost are the local addresses you listen to, not the remote ones.

In Apache 2.4 and newer, use the Require directive:

Require ip 127.0.0.0/8
Require ip 192.0.0.0/8

If you are using Apache 2.2 or earlier, use the authz_host configuration:

Order Allow,Deny
Allow from 127.0.0.0/8
Allow from 192.168.0.0/16

This may also work on Apache 2.4, but Order and Allow have been deprecated.

like image 81
phihag Avatar answered Sep 19 '22 22:09

phihag


Just a note in case some noobs like me come here :)

Apache HTTP Server is configured by placing directives in plain text configuration files. The main configuration file is usually called httpd.conf. Main Configuration Files

For version 2.4

The Allow, Deny, and Order directives, provided by mod_access_compat, are deprecated and will go away in a future version. You should avoid using them, and avoid outdated tutorials recommending their use. Access Control

Require ip 127.0.0.0/8
Require ip 192.0.0.0/8

or (not exactly the same)

Require ip 127.0
Require ip 192.168
like image 23
apachenoob Avatar answered Sep 20 '22 22:09

apachenoob