?
Solved

MOD_REWRITE : I want to block access to all my files except from certian ip's/domains...

Posted on 2004-10-19
24
Medium Priority
?
429 Views
Last Modified: 2008-02-20
I want to use MOD_REWRITE to block access to my files on my server(even broswer access, if possible) EXCEPT from domains/ips I specify


much thanks..
Caiapfas
0
Comment
Question by:Caiapfas
  • 12
  • 8
  • 4
24 Comments
 
LVL 5

Expert Comment

by:rsriprac
ID: 12352748
Here is an example of a mod-rewrite rule:

rewriteEngine on
rewriteCond %{HTTP_user_agent} Mozilla/4.0 (compatible; MSIE 6.0; Windows 98; Toshiba Corporation)
rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
rewriterule!(403\.html¦404\.html) - [F,L]

This will block any one using Mozilla with the IP of 55.55.*

The Apache Doc at:

http://httpd.apache.org/docs/mod/mod_rewrite.html

is very useful.  Also knowing Regular Expression will help.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12352763
I forgot to mention the final rule sends the users to a 404.html or 403.html document (missing, moved), so make sure you have one.

-Ram
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12352821
thats not what I wanted and my attempts have fails I want all blocked and sent to a certian page EXCEPT the ips/doamins i list within the rule....but thanks
0
Never miss a deadline with monday.com

The revolutionary project management tool is here!   Plan visually with a single glance and make sure your projects get done.

 
LVL 5

Expert Comment

by:rsriprac
ID: 12352909
Read the "Deny/Allow Certian IP Addresses" section.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12352923
no I want to use mod_rewrite to direct them diffrect file/page.....not just deny them
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353259
O ok:

rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
RewriteRule  ^/$                 /homepage.1.html  [L]

rewriteCond %{REMOTE_ADDR} ^55\.66\.*$
RewriteRule  ^/$                 /homepage.2.html  [L]

RewriteRule  ^/$                 /homepage.all.html  [L]

i.e. Sent all IP 55.55.* to /homepage.1.html, all IP 55.66.* to  /homepage.1.html, and all others to /homepage.all.html.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353262
some errors, I mean:

i.e. Sent all IP 55.55.* to /homepage.1.html, all IP 55.66.* to  /homepage.2.html, and all others to /homepage.all.html.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353282
For a list go:

rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
rewriteCond %{REMOTE_ADDR} ^55\.56\.*$
rewriteCond %{REMOTE_ADDR} ^55\.57\.*$
RewriteRule  ^/$                 /homepage.1.html  [L]

rewriteCond %{REMOTE_ADDR} ^55\.66\.*$
rewriteCond %{REMOTE_ADDR} ^55\.67\.*$
rewriteCond %{REMOTE_ADDR} ^55\.68\.*$
RewriteRule  ^/$                 /homepage.2.html  [L]

RewriteRule  ^/$                 /homepage.all.html  [L]

i.e. Sent all IP 55.55.* to /homepage.1.html, sent all IP 55.56.* to /homepage.1.html, sent all IP 55.57.* to /homepage.1.html

and

sent all IP 55.66.* to /homepage.2.html, sent all IP 55.67.* to /homepage.2.html, sent all IP 55.68.* to /homepage.2.html

finally, all others to /homepage.all.html.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12353292
REad the mod_rewrite Apache Doc at:

http://httpd.apache.org/docs/mod/mod_rewrite.html

You'll learn alot more fancy tricks.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12353636
no, you are doing some GREAT script writing but we must be misunderstanding...

I want to send all traffic to page.htm
and only the few ip I list are all access to the files/site...get it?
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12354538
why not just use a .htaccess file and set your 403 page as this "page.htm"
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12354588
BECAUSE i have site accessing files on this server that i want to allow to do so, but any and all other = where i send them,
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12354590
including users
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12354643
you can use htaccess to block IPs, or only allow a list of IPs/hosts

eg:

order deny,allow
deny from all
allow from localhost
allow from 192.168.0.4


that would only allow the local machine and 192.168.0.4 to access the directory/subdirs/files
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12355016
can i allow domains or will i need the ip for all?
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12355043
sure


allow from .mydomain.com

allows all subdomains (eg pies.mydomain.com, candy.mydomain.com, etc)


allow from pie.mydomain.com

allows only from pie.mydomain.com
0
 
LVL 16

Expert Comment

by:OliWarner
ID: 12355048
here's quite a good guide to mastering your htaccess

http://www.javascriptkit.com/howto/htaccess.shtml
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12363607
How bout this:

rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
RewriteRule  ^/(*)$                 /\1  [L]

rewriteCond %{REMOTE_ADDR} ^*$
RewriteRule  ^(*)$                 /page.html  [L]

Will allow only 55.55.* to access any, while all other request wll be routed page.html.
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12373078
ok so how can i do more than one ip ...
please I want to be able to allow domians
I even want to disallow the server the files are housed on
0
 
LVL 5

Accepted Solution

by:
rsriprac earned 1500 total points
ID: 12374991
More domains:

rewriteCond %{REMOTE_ADDR} ^55\.54\.*$
rewriteCond %{REMOTE_ADDR} ^55\.55\.*$
rewriteCond %{REMOTE_ADDR} ^55\.56\.*$
rewriteCond %{REMOTE_ADDR} ^*.foobar.com$

RewriteRule  ^/(*)$                 /\1  [L]

rewriteCond %{REMOTE_ADDR} ^*$
RewriteRule  ^(*)$                 /page.html  [L]
0
 
LVL 2

Author Comment

by:Caiapfas
ID: 12375625
what if i wanted to put full ips in there?
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12375794
its fine.
0
 
LVL 5

Expert Comment

by:rsriprac
ID: 12375798
i.e. rewriteCond %{REMOTE_ADDR} ^55\.54\.55\.55$
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

When you see single cell contains number and text, and you have to get any date out of it seems like cracking our heads.
When you discover the power of the R programming language, you are going to wonder how you ever lived without it! Learn why the language merits a place in your programming arsenal.
In this seventh video of the Xpdf series, we discuss and demonstrate the PDFfonts utility, which lists all the fonts used in a PDF file. It does this via a command line interface, making it suitable for use in programs, scripts, batch files — any pl…
Six Sigma Control Plans

599 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question