Apache deny directive not working

apache-2.2configuration

Solution:
I have to put the allow/deny directives inside the first Directory directive(which also happens to be for the root). I'm guessing it's because it has a AllowOverride None that does't allow any children to specify allow/deny?

<Directory />
    Options FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
        Deny from xxx.xx.xxx.xx
</Directory>

Original:

This configuration still allows access to all IPs after apache restart

<VirtualHost *:80>

    ServerName  www.xxx.com

    DocumentRoot  /var/www/vhosts/xxx

    <Directory /var/www/vhosts/xxx>
        Options Indexes FollowSymLinks
        AllowOverride none
        Order deny,allow
        Deny from all                     
        Allow from 127.0.0.1
    </Directory>
</VirtualHost>

Best Answer

That should work. I just verified your code on my server to make sure I wasn't crazy. Are you sure you don't have a definition before this one that is taking precedence?

Create a test file in the folder on your server. Something like test.txt. You may find that you don't see it when you load that url in your browser. If that's the case then your definition above is getting skipped.

Related Topic