Go Premium for a chance to win a PS4. Enter to Win

x
?
Solved

MOD_REWRITE : I want to block access to all my files except from certian ip's/domains...

Posted on 2004-10-19
24
Medium Priority
?
426 Views
Last Modified: 2008-02-20
I want to use MOD_REWRITE to block access to my files on my server(even broswer access, if possible) EXCEPT from domains/ips I specify


much thanks..
Caiapfas
0
Comment
Question by:Caiapfas
  • 12
  • 8
  • 4
24 Comments
 
LVL 5

Expert Comment

by:rsriprac
ID: 12352748
Here is an example of a mod-rewrite rule:

rewriteEngine on
rewriteCond %{HTTP_user_agent} Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Toshiba Corporation)
rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
rewriterule!(403\.html¦404\.html) - [F,L]

This will block any one using Mozilla with the IP of 55.55.*

The Apache Doc at:

http://httpd.apache.org/docs/mod/mod_rewrite.html

is very useful.  Also knowing Regular Expression will help.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12352763
I forgot to mention the final rule sends the users to a 404.html or 403.html document (missing, moved), so make sure you have one.

-Ram
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12352821
thats not what I wanted and my attempts have fails I want all blocked and sent to a certian page EXCEPT the ips/doamins i list within the rule....but thanks
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
LVL 5

Expert Comment

by:rsriprac
ID: 12352909
Read the "Deny/Allow Certian IP Addresses" section.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12352923
no I want to use mod_rewrite to direct them diffrect file/page.....not just deny them
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353259
O ok:

rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
RewriteRule  ^/$                 /homepage.1.html  [L]

rewriteCond %{REMOTE_ADDR} ^55\.66\.*$
RewriteRule  ^/$                 /homepage.2.html  [L]

RewriteRule  ^/$                 /homepage.all.html  [L]

i.e. Sent all IP 55.55.* to /homepage.1.html, all IP 55.66.* to  /homepage.1.html, and all others to /homepage.all.html.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353262
some errors, I mean:

i.e. Sent all IP 55.55.* to /homepage.1.html, all IP 55.66.* to  /homepage.2.html, and all others to /homepage.all.html.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353282
For a list go:

rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
rewriteCond %{REMOTE_ADDR} ^55\.56\.*$
rewriteCond %{REMOTE_ADDR} ^55\.57\.*$
RewriteRule  ^/$                 /homepage.1.html  [L]

rewriteCond %{REMOTE_ADDR} ^55\.66\.*$
rewriteCond %{REMOTE_ADDR} ^55\.67\.*$
rewriteCond %{REMOTE_ADDR} ^55\.68\.*$
RewriteRule  ^/$                 /homepage.2.html  [L]

RewriteRule  ^/$                 /homepage.all.html  [L]

i.e. Sent all IP 55.55.* to /homepage.1.html, sent all IP 55.56.* to /homepage.1.html, sent all IP 55.57.* to /homepage.1.html

and

sent all IP 55.66.* to /homepage.2.html, sent all IP 55.67.* to /homepage.2.html, sent all IP 55.68.* to /homepage.2.html

finally, all others to /homepage.all.html.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353292
REad the mod_rewrite Apache Doc at:

http://httpd.apache.org/docs/mod/mod_rewrite.html

You'll learn alot more fancy tricks.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12353636
no, you are doing some GREAT script writing but we must be misunderstanding...

I want to send all traffic to page.htm
and only the few ip I list are all access to the files/site...get it?
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12354538
why not just use a .htaccess file and set your 403 page as this "page.htm"
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12354588
BECAUSE i have site accessing files on this server that i want to allow to do so, but any and all other = where i send them,
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12354590
including users
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12354643
you can use htaccess to block IPs, or only allow a list of IPs/hosts

eg:

order deny,allow
deny from all
allow from localhost
allow from 192.168.0.4


that would only allow the local machine and 192.168.0.4 to access the directory/subdirs/files
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12355016
can i allow domains or will i need the ip for all?
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12355043
sure


allow from .mydomain.com

allows all subdomains (eg pies.mydomain.com, candy.mydomain.com, etc)


allow from pie.mydomain.com

allows only from pie.mydomain.com
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12355048
here's quite a good guide to mastering your htaccess

http://www.javascriptkit.com/howto/htaccess.shtml
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12363607
How bout this:

rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
RewriteRule  ^/(*)$                 /\1  [L]

rewriteCond %{REMOTE_ADDR} ^*$
RewriteRule  ^(*)$                 /page.html  [L]

Will allow only 55.55.* to access any, while all other request wll be routed page.html.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12373078
ok so how can i do more than one ip ...
please I want to be able to allow domians
I even want to disallow the server the files are housed on
0
 
LVL 5

Accepted Solution

by:
rsriprac earned 1500 total points
ID: 12374991
More domains:

rewriteCond %{REMOTE_ADDR} ^55\.54\.*$
rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
rewriteCond %{REMOTE_ADDR} ^55\.56\.*$
rewriteCond %{REMOTE_ADDR} ^*.foobar.com$

RewriteRule  ^/(*)$                 /\1  [L]

rewriteCond %{REMOTE_ADDR} ^*$
RewriteRule  ^(*)$                 /page.html  [L]
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12375625
what if i wanted to put full ips in there?
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12375794
its fine.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12375798
i.e. rewriteCond %{REMOTE_ADDR} ^55\.54\.55\.55$
0

Featured Post

Vote for the Most Valuable Expert

It’s time to recognize experts that go above and beyond with helpful solutions and engagement on site. Choose from the top experts in the Hall of Fame or on the right rail of your favorite topic page. Look for the blue “Nominate” button on their profile to vote.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post we will learn how to make Android Gesture Tutorial and give different functionality whenever a user Touch or Scroll android screen.
In real business world data are crucial and sometimes data are shared among different information systems. Hence, an agreeable file transfer protocol need to be established.
An introduction to basic programming syntax in Java by creating a simple program. Viewers can follow the tutorial as they create their first class in Java. Definitions and explanations about each element are given to help prepare viewers for future …
In this fifth video of the Xpdf series, we discuss and demonstrate the PDFdetach utility, which is able to list and, more importantly, extract attachments that are embedded in PDF files. It does this via a command line interface, making it suitable …

927 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question