We have several websites setup on one server; each site is a name based virtual host. We want to limit access to these websites to a set of specific IP addresses. In researching this, it looks like .htaccess would be the easy, simple solution, but I cannot get it to work.
The first thing I did was allow overrides in one of the directories (for testing only; the plan is to have all three websites subject to the same IP verification) by putting the following ("changed 8/22") in httpd.conf:
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
#
###################CHANGED 8/22######################
#
<Directory /var/AllowOverride All
</Directory>
I then went to the /var/ directory and created an .htaccess file with the following contents:
order deny,allow
deny from all
allow from 204.255.212.16
The IP address I am testing from is NOT the above address, so I should be blocked.
When I try to access the site, I get a "Fedora Test Page" with the following: "This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the web server installed at this site is working properly, but has not yet been configured"
...and a lot of other text.
Can anyone tell me where I'm going wrong? Every site that explains how to use .htaccess makes it sound like all you have to do is put the file in the directory you want protected and Boom! it works. I'm not having that kind of luck.
The first thing I did was allow overrides in one of the directories (for testing only; the plan is to have all three websites subject to the same IP verification) by putting the following ("changed 8/22") in httpd.conf:
# AllowOverride controls what directives may be placed in .htaccess files.
# It can be "All", "None", or any combination of the keywords:
# Options FileInfo AuthConfig Limit
#
AllowOverride None
#
# Controls who can get stuff from this server.
#
Order allow,deny
Allow from all
</Directory>
#
###################CHANGED 8/22######################
#
<Directory /var/AllowOverride All
</Directory>
I then went to the /var/ directory and created an .htaccess file with the following contents:
order deny,allow
deny from all
allow from 204.255.212.16
The IP address I am testing from is NOT the above address, so I should be blocked.
When I try to access the site, I get a "Fedora Test Page" with the following: "This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page, it means that the web server installed at this site is working properly, but has not yet been configured"
...and a lot of other text.
Can anyone tell me where I'm going wrong? Every site that explains how to use .htaccess makes it sound like all you have to do is put the file in the directory you want protected and Boom! it works. I'm not having that kind of luck.