Results 1 to 3 of 3

Thread: Block access to all vhosts / shared vhosts command

  1. #1
    Join Date
    Dec 2008
    Posts
    263

    Block access to all vhosts / shared vhosts command

    Hi,
    I want to deny IP access to IPs in Apache level, for all vhosts
    I try to add
    Order Deny,Allow
    Allow from all
    Deny from 1.1.1.1
    in httpd-includes.conf file
    but this not working, any suggestion?

    Regards,

  2. #2
    Join Date
    May 2014
    Location
    Netherlands Germany
    Posts
    242
    Which Apache version while ip order deny allow is old, so better not for version 2.4.x

    Tryouts in htaccess first then read the Apache DOCS/WIKI
    DUTCH GERMAN, GERMAN DUTCH

  3. #3
    Join Date
    May 2008
    Posts
    484
    "Order Deny,Allow" is wrong for your case with the included clauses. With Deny,Allow you first specify the denied origins (the deny clause) and then the exceptions from that rule (the allowed clause). The IP address which you wish to block matches both clauses. So you first deny the IP and then allow it back.

    You must do it the opposite way - Order Allow,Deny, so you define firstly what is allowed (allow from all - everything is allowed) and then add a deny clause which is the exception from that rule (you block the specific IP).

    Briefly - your rule must be:

    Code:
    Order Allow,Deny
    Deny from 1.1.1.1
    Allow from all
    Another option is to use Order Deny,Allow, but skip the allowed part, eg:

    Code:
    Order Deny,Allow
    Deny from 1.1.1.1
    That way you specify the denied list with the IP first and then, since there is no allowed clause, there is no exception to that rule so it will work That will not block other IPs because they won't match in the deny clause.

    Most people prefer the first variant - I guess they feel safer when they see "allow from all" explicitly.
    Last edited by wattie; 07-23-2017 at 12:59 PM.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •