Thelma
On 11/29/2020 03:22 AM, Michael wrote:
> On Sunday, 29 November 2020 07:30:16 GMT the...@sys-concept.com wrote:
>> I'm trying to deny access to all except specific IP address in a
>> directory, just testing it.
>>
>> In modules.d/00_default_settings.conf
>>
>> <Directory "/var/www/localhost/htdocs">
>> Options MultiViews
>> AllowOverride All
>> Require all granted
>> </Directory>
>>
>> in admin/.htaccess
>>
>> <RequireAll>
>> Require all denied
>> Require ip 10.0.0.100
>> </RequireAll>
>>
>> My IP is 10.0.0.112 and I can still access the server /admin directory
>>
>> What am I missing?
>
> In apache 2.4 the access control syntax has changed. The RequireAll
> directive
> means *all* authorisation directives within it must succeed.
>
> https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#requireall
>
> What happens if you just remove the first line, "Require all denied"?
As you suggested I have:
in admin/.htaccess
<RequireAll>
Require ip 10.0.0.100
</RequireAll>
My IP is: 10.0.0.112 and it still allow me to access it. I know apache
2.4 is reading the file as the the below direcive works.
AuthName "restricted stuff"
AuthType Basic
AuthUserFile "/etc/apache2/users"
require user webmaster
I've tried adding
RewriteEngine on
With it, I can not login at all (access denied) regardless of IP.
