White-listing IP addresses for your Apache virtual hosts

I tried setting up some sites on public hosting company where I needed to set it up in a way where only specified IP addresses are allowed to access them. Below is what I did.

Basic config

Below is the basic configuration:

<Directory "/srv/httpd/htdocs/mydomain.com">
    Options Indexes FollowSymLinks
    AllowOverride All
    Order deny,allow
    Allow from 127.0.0.1
    Allow from xxx.xxx.xxx.xxx
    Allow from xxx.xxx.xxx.xxx
    Deny from all
</Directory>

Organized

Since I’m doing this IP blocking for many sites, it make sense to simplify the configuration so that I only need to edit a single list of IP that would apply to all sites. What I did is put the config on file and include it on each virtual host config. Below is the filename and the sample content.

File: /etc/httpd/block-world.conf

Order deny,allow
Allow from 127.0.0.1
Allow from xxx.xxx.xxx.xxx
Allow from xxx.xxx.xxx.xxx
Deny from all

Then for each virtual host, I include the file like this:

<Directory "/srv/httpd/htdocs/mydomain.com">
    Options Indexes FollowSymLinks
    AllowOverride All
    Include /etc/httpd/block-world.conf
</Directory>

That’s it. Share and enjoy.

This entry was posted in Apache and tagged , . Bookmark the permalink.

Related Posts

5 Responses to White-listing IP addresses for your Apache virtual hosts

  1. Guus Disselkoen says:

    When I try to add this I get the following error when restarting Apache: order not allowed here. So it doesn’t work.

  2. lysender says:

    Gunus,

    What version of Apache are you using? It is probably due to the Apache version of something. Try to swap the allow,deny values.

  3. Tony says:

    Very helpful information. Thanks for the clear and straight to the point info!

  4. Julien says:

    In your example, if you use the directive “Order deny,allow” then you must follow with “Deny …” directives prior to “Allow..” ones.

  5. lysender says:

    @Julien, looks like you’re right. The order I have was to allow by default! But thanks to the deny from all line.

    I don’t have the test environment currently, so is this the correct configuration?


    Order allow,deny
    Allow from 127.0.0.1
    Allow from xxx.xxx.xxx.xxx
    Allow from xxx.xxx.xxx.xxx

Leave a Reply

Your email address will not be published. Required fields are marked *