How to Restrict Access by IP in Apache Web Server

Restrict IP Address Apache Web Server Techhyme

In the realm of web server security, restricting access to specific IP addresses is a fundamental measure to control and safeguard your resources. Apache, a widely used web server, provides a flexible and robust mechanism to restrict access at various levels, including directories, files, and URLs.

In this article, we will explore the step-by-step process of restricting access by IP in Apache.

Locating the Apache Configuration File

The Apache configuration file can be found in different locations depending on your Linux distribution. Common locations include:

/etc/apache2/httpd.conf
/etc/apache2/apache2.conf
/etc/httpd/httpd.conf
/etc/httpd/conf/httpd.conf

To open the Apache configuration file, use a text editor. For example:

nano /etc/httpd/conf/httpd.conf

If you are managing multiple websites using virtual hosts, and you want to apply IP restrictions to a specific site, open the virtual host configuration file instead:

nano /etc/apache2/sites-enabled/website.conf

Restricting Access by IP

1. Single IP Restriction: Suppose you want to limit access to the `/product` directory for the IP address `45.34.21.10`. Within the appropriate `<Directory>` tag, add the following line:

<Directory /var/www/html/product>
  ...
  Deny from 45.34.21.10
  ...
</Directory>

2. Multiple IP Restriction: To limit access to multiple IPs, add separate `Deny` directives for each IP:

<Directory /var/www/html/product>
  ...
  Deny from 45.34.21.10
  Deny from 65.34.23.12
  ...
</Directory>

3. File-Specific IP Restriction: If you want to restrict access to a specific file, like `/example.pdf`, add a `<Location>` block inside the `<Directory>` tag:

<Directory /var/www/html/product>
  ...
    <Location /example.pdf>
      Deny from 45.34.21.10
    </Location>
  ...
</Directory>

After making these changes, ensure there are no syntax errors in your configuration:

apache2ctl configtest                               # For Debian/Ubuntu
apachectl configtest                                # For Red Hat/CentOS

If no errors are reported, restart the Apache web server to apply the changes:

service apache2 restart                             # For Debian/Ubuntu
systemctl restart httpd                             # For Red Hat/CentOS

To confirm that the IP restrictions have been successfully applied, attempt to access your URL or directory from a blocked IP address. Users from blocked IPs will receive a “403: Access Forbidden” response.

By following these steps, you have successfully implemented IP-based access restrictions in your Apache web server, enhancing the security posture of your web resources. Regularly review and update your server configurations to align with best security practices and stay resilient against evolving threats in the dynamic landscape of web security.

Post Views: 391

You may also like: