Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

MOD_REWRITE : I want to block access to all my files except from certian ip's/domains...

Posted on 2004-10-19
24
Medium Priority
?
425 Views
Last Modified: 2008-02-20
I want to use MOD_REWRITE to block access to my files on my server(even broswer access, if possible) EXCEPT from domains/ips I specify


much thanks..
Caiapfas
0
Comment
Question by:Caiapfas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 8
  • 4
24 Comments
 
LVL 5

Expert Comment

by:rsriprac
ID: 12352748
Here is an example of a mod-rewrite rule:

rewriteEngine on
rewriteCond %{HTTP_user_agent} Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Toshiba Corporation)
rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
rewriterule!(403\.html¦404\.html) - [F,L]

This will block any one using Mozilla with the IP of 55.55.*

The Apache Doc at:

http://httpd.apache.org/docs/mod/mod_rewrite.html

is very useful.  Also knowing Regular Expression will help.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12352763
I forgot to mention the final rule sends the users to a 404.html or 403.html document (missing, moved), so make sure you have one.

-Ram
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12352821
thats not what I wanted and my attempts have fails I want all blocked and sent to a certian page EXCEPT the ips/doamins i list within the rule....but thanks
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Expert Comment

by:rsriprac
ID: 12352909
Read the "Deny/Allow Certian IP Addresses" section.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12352923
no I want to use mod_rewrite to direct them diffrect file/page.....not just deny them
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353259
O ok:

rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
RewriteRule  ^/$                 /homepage.1.html  [L]

rewriteCond %{REMOTE_ADDR} ^55\.66\.*$
RewriteRule  ^/$                 /homepage.2.html  [L]

RewriteRule  ^/$                 /homepage.all.html  [L]

i.e. Sent all IP 55.55.* to /homepage.1.html, all IP 55.66.* to  /homepage.1.html, and all others to /homepage.all.html.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353262
some errors, I mean:

i.e. Sent all IP 55.55.* to /homepage.1.html, all IP 55.66.* to  /homepage.2.html, and all others to /homepage.all.html.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353282
For a list go:

rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
rewriteCond %{REMOTE_ADDR} ^55\.56\.*$
rewriteCond %{REMOTE_ADDR} ^55\.57\.*$
RewriteRule  ^/$                 /homepage.1.html  [L]

rewriteCond %{REMOTE_ADDR} ^55\.66\.*$
rewriteCond %{REMOTE_ADDR} ^55\.67\.*$
rewriteCond %{REMOTE_ADDR} ^55\.68\.*$
RewriteRule  ^/$                 /homepage.2.html  [L]

RewriteRule  ^/$                 /homepage.all.html  [L]

i.e. Sent all IP 55.55.* to /homepage.1.html, sent all IP 55.56.* to /homepage.1.html, sent all IP 55.57.* to /homepage.1.html

and

sent all IP 55.66.* to /homepage.2.html, sent all IP 55.67.* to /homepage.2.html, sent all IP 55.68.* to /homepage.2.html

finally, all others to /homepage.all.html.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353292
REad the mod_rewrite Apache Doc at:

http://httpd.apache.org/docs/mod/mod_rewrite.html

You'll learn alot more fancy tricks.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12353636
no, you are doing some GREAT script writing but we must be misunderstanding...

I want to send all traffic to page.htm
and only the few ip I list are all access to the files/site...get it?
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12354538
why not just use a .htaccess file and set your 403 page as this "page.htm"
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12354588
BECAUSE i have site accessing files on this server that i want to allow to do so, but any and all other = where i send them,
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12354590
including users
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12354643
you can use htaccess to block IPs, or only allow a list of IPs/hosts

eg:

order deny,allow
deny from all
allow from localhost
allow from 192.168.0.4


that would only allow the local machine and 192.168.0.4 to access the directory/subdirs/files
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12355016
can i allow domains or will i need the ip for all?
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12355043
sure


allow from .mydomain.com

allows all subdomains (eg pies.mydomain.com, candy.mydomain.com, etc)


allow from pie.mydomain.com

allows only from pie.mydomain.com
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12355048
here's quite a good guide to mastering your htaccess

http://www.javascriptkit.com/howto/htaccess.shtml
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12363607
How bout this:

rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
RewriteRule  ^/(*)$                 /\1  [L]

rewriteCond %{REMOTE_ADDR} ^*$
RewriteRule  ^(*)$                 /page.html  [L]

Will allow only 55.55.* to access any, while all other request wll be routed page.html.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12373078
ok so how can i do more than one ip ...
please I want to be able to allow domians
I even want to disallow the server the files are housed on
0
 
LVL 5

Accepted Solution

by:
rsriprac earned 1500 total points
ID: 12374991
More domains:

rewriteCond %{REMOTE_ADDR} ^55\.54\.*$
rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
rewriteCond %{REMOTE_ADDR} ^55\.56\.*$
rewriteCond %{REMOTE_ADDR} ^*.foobar.com$

RewriteRule  ^/(*)$                 /\1  [L]

rewriteCond %{REMOTE_ADDR} ^*$
RewriteRule  ^(*)$                 /page.html  [L]
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12375625
what if i wanted to put full ips in there?
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12375794
its fine.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12375798
i.e. rewriteCond %{REMOTE_ADDR} ^55\.54\.55\.55$
0

Featured Post

The top UI technologies you need to be aware of

An important part of the job as a front-end developer is to stay up to date and in contact with new tools, trends and workflows. That’s why you cannot miss this upcoming webinar to explore the latest trends in UI technologies!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

A short article about problems I had with the new location API and permissions in Marshmallow
The SignAloud Glove is capable of translating American Sign Language signs into text and audio.
An introduction to basic programming syntax in Java by creating a simple program. Viewers can follow the tutorial as they create their first class in Java. Definitions and explanations about each element are given to help prepare viewers for future …
Viewers will learn how to properly install Eclipse with the necessary JDK, and will take a look at an introductory Java program. Download Eclipse installation zip file: Extract files from zip file: Download and install JDK 8: Open Eclipse and …

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question