Controlling Web-Server Access by Hostname or IP Address
It’s easy as pie to get Apache serving something exciting, but at times, the joy of a running web server needs to be curbed by the stern eye of security. We’ll take a quick look at how to enable hostname or IP access control, creating a set of acceptance or denial rules for content we want restricted.
While Apache can certainly handle authenticated access control, we’re only going to touch on the location-based side of it for this hack (we get to usernames and passwords in our next one). To protect our Apache server, we’re going to open httpd.conf [Hack #89] with our favorite text editorand modify (or define) the directory we want protected. In our example, we’re going to protect the entire web server, so we’ll look for our document root, which should look something like this:
<Directory "/Library/WebServer/Documents"> Options Indexes FollowSymLinks MultiViews AllowOverride None Order Allow,Deny Allow from all </Directory>
Quite simply, the Order Allow,Deny
and
Allow from all
lines are the magic that will stop
outside visitors from perusing our site. Right now, as these lines
stand, we’re wide open to the public. This is what
we’re going to end up
with:
<Directory "/Library/WebServer/Documents"> Options Includes FollowSymLinks MultiViews AllowOverride NoneOrder Deny,Allow
Deny from all
Allow from gatesmcfaddenco.org
</Directory>
See what we’ve done here? The first thing we did was
flip our Order
directive. This tells Apache ...
Get Mac OS X Hacks now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.