2 Replies - 5030 Views - Last Post: 22 August 2012 - 09:20 AM

#1 polska03  Icon User is offline

  • D.I.C Regular

Reputation: 5
  • View blog
  • Posts: 302
  • Joined: 28-November 09

only allow specific ip addresses to access specific url

Posted 17 August 2012 - 02:52 PM

Hello I have a url (https://website.com?q=admin) that I only want to be able to be accessed if the user is from a certain ip address and it would be helpful too if they had to type in a username and password. I am a rookie when it comes to apache, I know I could use a passwd and htaccess file to block a directory or file, but have no idea how to block a specific url. The main idea is I don't want anyone to pass the admin variable ( I have a php script that asks for a password when it is passed) but I also want to add security on the web server layer. Any help would be greatly appreciated.

Cheers

Is This A Good Question/Topic? 0
  • +

Replies To: only allow specific ip addresses to access specific url

#2 Atli  Icon User is offline

  • D.I.C Lover
  • member icon

Reputation: 3730
  • View blog
  • Posts: 6,017
  • Joined: 08-June 10

Re: only allow specific ip addresses to access specific url

Posted 17 August 2012 - 05:01 PM

In that situation, you'd probably be best of using mod_rewrite. For example, consider this:
RewriteEngine On
RewriteCond %{QUERY_STRING} q=admin
RewriteCond %{REMOTE_ADDR} !=67.228.133.106
RewriteRule ^(index\.(php|html?))?$ - [F]


This consists of two conditions that if pass trigger a URL rewrite rule that forbids access to the page.

The two conditions are: 1) That the query string includes a "q=admin" part, and 2) that the IP address of the client doesn't match the specified address. - If both conditions are true, then the RewriteRule is triggered, which looks for either an empty path, or an index file. If it finds it it will prevent the page from loading and it will pass a 403 HTTP status code back to the browser.

Essentially, anybody who isn't coming from that IP address and requests http://example.com/?q=admin will just receive a "Forbidden" message from their browser.
Was This Post Helpful? 0
  • +
  • -

#3 ToshNeox  Icon User is offline

  • D.I.C Head

Reputation: 8
  • View blog
  • Posts: 100
  • Joined: 10-December 11

Re: only allow specific ip addresses to access specific url

Posted 22 August 2012 - 09:20 AM

Alternatively, if you're making some sort of administration panel, you could just use whatever language to check the user's IP.

I don't know what language you're using, but in PHP you could do:

if($_SERVER['REMOTE_ADDR'] == "123.123.123.123")  // Check their IP
{
    // Allow access
}
else
{
    // Tell them to bog off
}


This post has been edited by ToshNeox: 22 August 2012 - 09:22 AM

Was This Post Helpful? 0
  • +
  • -

Page 1 of 1