To allow only localhost in Apache's 000-default

Question

How can you allow only localhost in Apache2?

My /etc/apache2/sites-enabled/000-default is

<VirtualHost *:80>
        ServerAdmin webmaster@localhost

DocumentRoot /home/masi/Dropbox/a
<Directory />
                Options FollowSymLinks
                AllowOverride None
        </Directory>
        <Directory /home/masi/Dropbox/a/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                deny from all                             // Problem HERE!
        allow from 127.0.0.1
        </Directory>

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <Directory "/usr/lib/cgi-bin">
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </Directory>

        ErrorLog /var/log/apache2/error.log

        # Possible values include: debug, info, notice, warn, error, crit,
        # alert, emerg.
        LogLevel warn

        CustomLog /var/log/apache2/access.log combined

    Alias /doc/ "/usr/share/doc/"
    <Directory "/usr/share/doc/">
        Options Indexes MultiViews FollowSymLinks
        AllowOverride None
        Order deny,allow
        Deny from all
        Allow from 127.0.0.0/255.0.0.0 ::1/128
    </Directory>

</VirtualHost>

I browse to http://localhost/index.php unsuccessfully. I get Forbidden.

Answer 1

Switch your allow, deny order around (you want to deny all first, then allow localhost).

Change:

Order allow,deny

To:

Order deny,allow

(which is the default behavior)