tags:

views:

2797

answers:

1
+1  Q: 

IP restriction with htaccess

Hi guys!

I want to restrict an entire site in such a way that just two IPs could enter the site. I have the following in my .htaccess (at the root of site):

ErrorDocument 403 http://www.example.com/views/error403.html

Order Deny,Allow
Deny from all
Allow from 311.311.311 322.322.322.322

ErrorDocument 404 /views/error404.html
ErrorDocument 500 views/error500.html

(Obviously, these are fake IPs, in my .htaccess they are the right IPs)

As you can see, I allow just 322.322.322.322 and all IPs from 311.311.311.0/24, and deny for the rest of people. What I want is that when anybody enter the site from another IP, he'll view the error403.html page.

The filter is working fine, but not the redirection. When I try to enter the site from a deny IP, I see an Apache message:

Found
The document has moved here

Where "here" is a link to error403.html.

I think I'm restricting even the error403.html page.

How can I do this restriction, but allowing the view of the error page? Should I move error403.html page to another directory (i.e., /views/error/ ) and put other .htaccess in it, allowing in that file all the IPs?

Thank you in advance!

+3  A: 

Yes, you have answered your own question. :) Move all non-protected pages into another directory with its own .htaccess containing the proper Allow and Deny.

Cheers, V.

vladr  2009-02-27 08:09:27
I was wondering if would exist another pretier form to resolving this issue, but you've confirm my suspicion; I'll do it with another directory-htaccess pair.Thank you Vlad!
ARemesal  2009-02-27 08:35:13
You can always do this from httpd.conf with fancier rules as to which directories are affected and which are not, but frankly it's not worth it unless you are havng performance issues with the use of .htaccess (which you won't unless you serve hundreds or thousands of requests per second.)
vladr  2009-02-27 08:50:51
And this site is hosted in a shared machine where I can't change httpd.conf, so the solution with .htaccess is perfect for this.
ARemesal  2009-02-27 13:51:23

related questions

How do I add a MIME type to .htaccess?
Difference between the Apache HTTP Server and Apache Tomcat?
How do I support SSL Client Certificate authentication?
Why can't I connect to my CAS server with Perl's AuthCAS?
Cleanest & Fastest server setup for Django
Installing Apache Web Server on 64 Bit Mac
Running Apache alongside another web server?
Algorithm behind MD5Crypt
Can you compile Apache HTTP Server and redeploy its binaries to a different location ?
mod_rewrite rule to redirect all requests except for one specific path
How do I create a self signed SSL certificate to use while testing a web app.
Software for Webserver Log Analysis?
What is the difference between an endpoint, a service, and a port when working with webservices?
What are the proper permissions for an upload folder with PHP/Apache?
mod_rewrite to alias one file suffix type to another
How do you redirect HTTPS to HTTP?
Using mod_rewrite to Mimic SSL Virtual Hosts?
User authentication on Resin webserver
How do you set up Python scripts to work in Apache 2.0?
Block user access to internals of a site using HTTP_REFERER
.htaccess directives to *not* redirect certain URLs
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP