Denial of user access via ip-address through .htaccess files
Posted on 2009-07-13
I am trying to deny all users except those with source address 192.168.1.0 access to the root of my web site, hosted with Apache2 on a Debian server. The root of the web server is /var/www. So I changed the relevant lines in httpd.conf:
After this was done I created /var/www/.htaccess to contain this:
allow from 192.168.1.
deny from all
I even tried to comment away the allow line, so that the .htaccess file would deny all. I aldo tried the same example with several other folders, without luck.
If I try to access the website, I am granted access. No matter if everyone is denied or not, no matter the source IP if the client accessing. I set up authentication on another folder /var/www/Secured through a similar process. The difference was only the content of the .htaccess file and the inclusion of the password file created by htpasswd. The authentication system I setup worked at that attempt, but the denial of all clients or all clients except those in the specified IP-range did not work.