Returning 404 code for unauthorized attempts

apache-2.2 .htaccess

Well, close:

<Location /admin>
     Order deny,allow
     Allow from 10.0.0.1
     Allow from 192.168.1.1
     Deny from all
</Location>

Though what this actually does is return a 403 Forbidden, not a 404 Not Found, which is, y'know, correct.

If you're putting this in a .htaccess in the admin directory, you don't need the Location container. The example is written for a server or virtual host configuration file.

See also mod_access docs.

For what it's worth, as time has worn on I've increasingly come to find value in putting the site admin on an entirely separate virtual host.


You can use mod_rewrite to do that.

RewriteEngine on
RewriteCond %{REMOTE_ADDR} !=10.0.0.1 [OR]
RewriteCond %{REMOTE_ADDR} !=10.0.0.1
RewriteRule ^admin($|/) - [L,R=404]

Note that the R=404 flag requires at least Apache 2.1.1.

Related

Icinga-web doesn't update when i change configuration
OpenSSH: Different Authentication Methods
OpenVPN bad source address from client
Where are nftables counters logged/stored, and how long do they persist?
"Anonymous Logon" vs "NTLM V1" What to disable?
ProxyPass only if file doesn't exist
Converting Multiple VMware disk image to single disk image
Random SSH entries in Auth.log out of date order [duplicate]
How to hide a trusted domain in the logon screen?
dnsResolve and isInNet functions Problem
multiple puppet masters
Modify XFS filesystem creation parameters during kickstart installation