Deny all, allow only one IP through htaccess

.htaccess

I'm trying to deny all and allow only for a single IP. But, I would like to have the following htaccess working for that single IP. I'm not finding a way to have both working: the deny all and allow only one, plus the following options:

<IfModule mod_rewrite.c>
    RewriteEngine On
    RewriteBase /

    #Removes access to the system folder by users.
    #Additionally this will allow you to create a System.php controller,
    #previously this would not have been possible.
    #'system' can be replaced if you have renamed your system folder.
    RewriteCond %{REQUEST_URI} ^system.*
    RewriteRule ^(.*)$ /index.php?/$1 [L]

    #When your application folder isn't in the system folder
    #This snippet prevents user access to the application folder
    #Submitted by: Fabdrol
    #Rename 'application' to your applications folder name.
    RewriteCond %{REQUEST_URI} ^application.*
    RewriteRule ^(.*)$ /index.php?/$1 [L]

    #Checks to see if the user is attempting to access a valid file,
    #such as an image or css document, if this isn't true it sends the
    #request to index.php
    RewriteCond %{REQUEST_FILENAME} !-f
    RewriteCond %{REQUEST_FILENAME} !-d
    RewriteRule ^(.*)$ index.php?/$1 [L]
</IfModule>

<IfModule !mod_rewrite.c>
    # If we don't have mod_rewrite installed, all 404's
    # can be sent to index.php, and everything works as normal.
    # Submitted by: ElliotHaughin

    ErrorDocument 404 /index.php
</IfModule>

Is there a way to make this work?


Solution 1:

order deny,allow
deny from all
allow from <your ip>

Solution 2:

I know this question already has an accepted answer, but the Apache documentation says:

The Allow, Deny, and Order directives, provided by mod_access_compat, are deprecated and will go away in a future version. You should avoid using them, and avoid outdated tutorials recommending their use.

So, a more future-proof answer would be:

<RequireAll>
    Require ip xx.xx.xx.xx yy.yy.yy.yy
</RequireAll>

Hopefully, I've helped prevent this page from becoming one of those "outdated tutorials". :)

Solution 3:

This can be improved by using the directive designed for that task.

ErrorDocument 403 /specific_page.html
Order Allow,Deny
Allow from 111.222.333.444

Where 111.222.333.444 is your static IP address.

When using the "Order Allow,Deny" directive the requests must match either Allow or Deny, if neither is met, the request is denied.

http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order

Solution 4:

Slightly modified version of the above, including a custom page to be displayed to those who get denied access:

ErrorDocument 403 /specific_page.html
order deny,allow
deny from all
allow from 111.222.333.444

...and that way those requests not coming from 111.222.333.444 will see specific_page.html

(posting this as comment looked terrible because new lines get lost)

Related

Spring Boot not serving static content
Default visibility for C# classes and members (fields, methods, etc.)?
Python - List of unique dictionaries
Classpath resource not found when running as jar
disable viewport zooming iOS 10+ safari?
How to "scan" a website (or page) for info, and bring it into my program?
What is the fastest way to transpose a matrix in C++?
How to validate inputs dynamically created using ng-repeat, ng-show (angular)
How can I link to a specific glibc version?
Why does Ruby 1.9.2 remove "." from LOAD_PATH, and what's the alternative?
(![]+[])[+[]]... Explain why this works
How to get visitor's location (i.e. country) using geolocation?