CODEWITHSUNDEEP
.htaccessmod-rewrite
radoo
radoo

Reputation: 168

.htaccess allow only one certain path from a certain ip

I need to allow access only to one particular url, and only from a certain ip (range).

What I tried (and it seemed like it would work but doesn't) is:

SetEnvIf Request_URI ^/call/this\.php/with/some/parameters url_ok
Order Deny,Allow
Deny from All
Allow from env=url_ok
Allow from 10.0.0.0/23
Satisfy All

The url restrictions works fine, however when i access it from 192.168.0.1 it's still visible, and it shouldn't be.

It does seem like the one "Deny from All" would not cover both env and ip restrictions, but I found no way to fix it.

Upvotes: 2

Views: 1805

Answers (1)

Jon Lin
Jon Lin

Reputation: 143876

I think the problem is how the Satisfy All is interpreted. The problem here is that the All means:

In this case the default behavior (All) is to require that the client passes the address access restriction and enters a valid username and password.

So the access restrictions is the Allow part of the "all", and the other part is the username/password. Since you aren't using authentication, that part is assumed to be satisfied. Now, the thing with the Allow directive is that they are all OR'ed, meaning satisfying any Allow is good enough. Example:

Allow from 1.2.3.4
Allow from 2.3.4.5

These directives are logically ORed together, since it's impossible to be from 1.2.3.4 AND 2.3.4.5 at the same time.

What you want to do is probably actually use mod_rewrite for something like this:

RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^10\.0\.0\.
RewriteRule ^call/this\.php/with/some/parameters - [L]
RewriteRule ^ - [L,F]

Upvotes: 1

Related Questions