Reputation: 4323
Apache block an ip address from accessing the website
someone trying to access pages like
//mysqladmin//scripts/setup.php
Is it some hack attempt or .. ?
If yes then how i can block its ip from accessing mine website ?
Via htaccess or something else ?
Upvotes: 15
Views: 58247
Answers (2)
Reputation: 1567
As an update to this old question for those who still land here:
Order Allow Deny are deprecated as of Apache 2.4 and Require should be used.
An example of Allow from all to deny access to only IP 1.2.3.4.
<RequireAll>
Require all granted
Require not ip 1.2.3.4
</RequireAll>
An example of Deny from all to allow access to only IP 1.2.3.4:
<RequireAll>
Require all denied
Require ip 1.2.3.4
</RequireAll>
IP ranges, netmasks, CIDR notation, etc. can also be specified.
https://httpd.apache.org/docs/2.4/mod/mod_access_compat.html (Deprecated) https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require
Upvotes: 30
Reputation: 7213
To block special IP addresses you can put the following in a .htaccess file located in your directory, you like to restrict:
order allow,deny
deny from 1.2.3.4
allow from all
Where 1.2.3.4 is the IP you like to block.
But note that IP adresses change users and also attackers change IP adresses.
So this will not secure your application and potentially block leagal visitors.
The better solution will be to make sure your script does not accept malicious paths.
- Append a base path to the path you get from the user
- Make sure the path you get from the user does not contain '../'
Upvotes: 11
Related Questions
- How to block by ip with Apache
- Deny certain IP's
- deny and allow ip access .htaccess
- Cannot allow only particular IP Address access my website with apache 2.4
- Blocking ip with htaccess
- Block access from IP address in Apache2
- Block IP access to specific page only
- Apache Module - block an IP address
- Restrict access to website from its ip address.
- Restricting access to website, allowing only a single IP access