I need to block access to my entire site via IP Address except the url /api which should be open to all.

I am currently using ...

<LocationMatch /admin>
    Order Deny,Allow
    Deny from all
    Allow from [MY IP]
</LocationMatch>

This blocks access to URLs starting with /admin. But I want to block all URLs except the ones that start with /api.

Chris

A: 

Well you can first block the whole site, then simply allow /api.

<LocationMatch />
    Order Deny,Allow
    Deny from all
    Allow from [MY IP]
</LocationMatch>

<LocationMatch /api>
    Order Deny,Allow
    Allow from all
</LocationMatch>

Sorry I couldn't test it due to the way XAMPP is configured on my PC. Pray it works.

thephpdeveloper
Thanks but this didn't work, it blocked everything.
Chris Rowe
Did you try switching the order of the rules?
deizel
+1  A: 
# Only needs to happen once in .htaccess files.
RewriteEngine On

RewriteBase /
# <-- YOUR IP HERE
RewriteCond %{REMOTE_ADDR} !^10\.103\.18\.104
# Page or directory to ignore
RewriteCond %{REQUEST_URI} !^/api
# Where to send blocked requests
RewriteRule ^(.*)$ http://example.com/no_access.html [R=401]
Eddie
Can't get this to work. I get an error 401 Authentication required.
Chris Rowe
Rewrite requires the use of an additional module. It would still be better to use core.
thephpdeveloper
@Chris - the code I supplied returns a 401 to the browser if your IP does not match. @Mauris - that is true, but not all users have access to the core config file, and rewrite works at a directory level.

Compromise?
Use location to lock down entire site (replace '/admin' with '/')
Use additional location block to unlock /api (reverse deny,allow to allow all)
Eddie
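
The compromise described in the last comment, written out as an added example that is not part of the original thread. It assumes access to the server or virtual-host configuration, and 203.0.113.10 is a placeholder for the permitted address.

```apache
# Added example (not from the thread). Place in the server or virtual-host
# configuration: <Location> is not permitted in .htaccess files.
# 203.0.113.10 is a placeholder for the administrator's address.

# Apache 2.2 (the Order/Deny/Allow syntax used in the thread)
<IfModule !mod_authz_core.c>
    # Sections are merged in the order they appear, so the more specific
    # /api section must come after the site-wide one.
    <Location />
        Order Deny,Allow
        Deny from all
        Allow from 203.0.113.10
    </Location>

    # <Location /api> covers /api and everything below it. The thread's
    # <LocationMatch /api> is an unanchored regex and would also open
    # paths such as /admin/api.
    <Location /api>
        Order Allow,Deny
        Allow from all
    </Location>
</IfModule>

# Apache 2.4 (mod_authz_core) equivalent
<IfModule mod_authz_core.c>
    <Location />
        Require ip 203.0.113.10
    </Location>
    <Location /api>
        Require all granted
    </Location>
</IfModule>
```

After reloading, request a non-API URL and an /api URL from an address other than the permitted one and confirm the first returns 403 and the second does not.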