Solved

MOD_REWRITE : I want to block access to all my files except from certian ip's/domains...

Posted on 2004-10-19
24
419 Views
Last Modified: 2008-02-20
I want to use MOD_REWRITE to block access to my files on my server(even broswer access, if possible) EXCEPT from domains/ips I specify


much thanks..
Caiapfas
0
Comment
Question by:Caiapfas
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 12
  • 8
  • 4
24 Comments
 
LVL 5

Expert Comment

by:rsriprac
ID: 12352748
Here is an example of a mod-rewrite rule:

rewriteEngine on
rewriteCond %{HTTP_user_agent} Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Toshiba Corporation)
rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
rewriterule!(403\.html¦404\.html) - [F,L]

This will block any one using Mozilla with the IP of 55.55.*

The Apache Doc at:

http://httpd.apache.org/docs/mod/mod_rewrite.html

is very useful.  Also knowing Regular Expression will help.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12352763
I forgot to mention the final rule sends the users to a 404.html or 403.html document (missing, moved), so make sure you have one.

-Ram
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12352821
thats not what I wanted and my attempts have fails I want all blocked and sent to a certian page EXCEPT the ips/doamins i list within the rule....but thanks
0
Independent Software Vendors: We Want Your Opinion

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 5

Expert Comment

by:rsriprac
ID: 12352904
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12352909
Read the "Deny/Allow Certian IP Addresses" section.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12352923
no I want to use mod_rewrite to direct them diffrect file/page.....not just deny them
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353259
O ok:

rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
RewriteRule  ^/$                 /homepage.1.html  [L]

rewriteCond %{REMOTE_ADDR} ^55\.66\.*$
RewriteRule  ^/$                 /homepage.2.html  [L]

RewriteRule  ^/$                 /homepage.all.html  [L]

i.e. Sent all IP 55.55.* to /homepage.1.html, all IP 55.66.* to  /homepage.1.html, and all others to /homepage.all.html.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353262
some errors, I mean:

i.e. Sent all IP 55.55.* to /homepage.1.html, all IP 55.66.* to  /homepage.2.html, and all others to /homepage.all.html.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353282
For a list go:

rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
rewriteCond %{REMOTE_ADDR} ^55\.56\.*$
rewriteCond %{REMOTE_ADDR} ^55\.57\.*$
RewriteRule  ^/$                 /homepage.1.html  [L]

rewriteCond %{REMOTE_ADDR} ^55\.66\.*$
rewriteCond %{REMOTE_ADDR} ^55\.67\.*$
rewriteCond %{REMOTE_ADDR} ^55\.68\.*$
RewriteRule  ^/$                 /homepage.2.html  [L]

RewriteRule  ^/$                 /homepage.all.html  [L]

i.e. Sent all IP 55.55.* to /homepage.1.html, sent all IP 55.56.* to /homepage.1.html, sent all IP 55.57.* to /homepage.1.html

and

sent all IP 55.66.* to /homepage.2.html, sent all IP 55.67.* to /homepage.2.html, sent all IP 55.68.* to /homepage.2.html

finally, all others to /homepage.all.html.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353292
REad the mod_rewrite Apache Doc at:

http://httpd.apache.org/docs/mod/mod_rewrite.html

You'll learn alot more fancy tricks.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12353636
no, you are doing some GREAT script writing but we must be misunderstanding...

I want to send all traffic to page.htm
and only the few ip I list are all access to the files/site...get it?
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12354538
why not just use a .htaccess file and set your 403 page as this "page.htm"
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12354588
BECAUSE i have site accessing files on this server that i want to allow to do so, but any and all other = where i send them,
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12354590
including users
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12354643
you can use htaccess to block IPs, or only allow a list of IPs/hosts

eg:

order deny,allow
deny from all
allow from localhost
allow from 192.168.0.4


that would only allow the local machine and 192.168.0.4 to access the directory/subdirs/files
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12355016
can i allow domains or will i need the ip for all?
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12355043
sure


allow from .mydomain.com

allows all subdomains (eg pies.mydomain.com, candy.mydomain.com, etc)


allow from pie.mydomain.com

allows only from pie.mydomain.com
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12355048
here's quite a good guide to mastering your htaccess

http://www.javascriptkit.com/howto/htaccess.shtml
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12363607
How bout this:

rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
RewriteRule  ^/(*)$                 /\1  [L]

rewriteCond %{REMOTE_ADDR} ^*$
RewriteRule  ^(*)$                 /page.html  [L]

Will allow only 55.55.* to access any, while all other request wll be routed page.html.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12373078
ok so how can i do more than one ip ...
please I want to be able to allow domians
I even want to disallow the server the files are housed on
0
 
LVL 5

Accepted Solution

by:
rsriprac earned 500 total points
ID: 12374991
More domains:

rewriteCond %{REMOTE_ADDR} ^55\.54\.*$
rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
rewriteCond %{REMOTE_ADDR} ^55\.56\.*$
rewriteCond %{REMOTE_ADDR} ^*.foobar.com$

RewriteRule  ^/(*)$                 /\1  [L]

rewriteCond %{REMOTE_ADDR} ^*$
RewriteRule  ^(*)$                 /page.html  [L]
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12375625
what if i wanted to put full ips in there?
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12375794
its fine.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12375798
i.e. rewriteCond %{REMOTE_ADDR} ^55\.54\.55\.55$
0

Featured Post

On Demand Webinar - Networking for the Cloud Era

This webinar discusses:
-Common barriers companies experience when moving to the cloud
-How SD-WAN changes the way we look at networks
-Best practices customers should employ moving forward with cloud migration
-What happens behind the scenes of SteelConnect’s one-click button

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
jboss 7.1 start up error 1 83
what is the best Integrated development environment 2 65
Getting Variable not defined error in Python 1 80
Java ArrayList and if statement 2 55
Since upgrading to Office 2013 or higher installing the Smart Indenter addin will fail. This article will explain how to install it so it will work regardless of the Office version installed.
This is about my first experience with programming Arduino.
With the power of JIRA, there's an unlimited number of ways you can customize it, use it and benefit from it. With that in mind, there's bound to be things that I wasn't able to cover in this course. With this summary we'll look at some places to go…

734 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question