Require ip x.x.x.x not working in Apache 2.4

apache-2.4

I edited my apache2.conf (on Ubuntu) to restrict access to all except from one IP, but I still can access from other IPs. Below is my configuration:

<Directory />
        Options FollowSymLinks
        AllowOverride None
        Require all denied
</Directory>

<Directory /usr/share>
        AllowOverride None
        Require ip x.x.x.x
</Directory>

<Directory /var/www/>
        Options Indexes FollowSymLinks
        AllowOverride All
        Require ip x.x.x.x
</Directory>

authz_core module is loaded, so is there something wrong? Thanks.

Best Answer

Example of access restriction from IP addresses for Apache 2.4:

<Directory /var/www/>
    Options Indexes FollowSymLinks
    AllowOverride All
    <IfModule mod_authz_core.c>
      <RequireAny>
        Require ip 127.0.0.1
        Require ip ::1
        Require ip x.x.x.x
      </RequireAny>
    </IfModule> 
</Directory>

Don't forget to restart apache service by running this command:

service httpd restart

Also don't use directory / for security reasons.

Related Solutions

Apache2 “Require all granted” doesn’t work

Here are two things to try:

1) Run apachectl -t to check the syntax of your file is valid.

2) Run apachectl -S to show which files are being parsed.

For example, you may be editing /usr/local/etc/apache2/2.4/httpd.conf and that's it right? ...but if you run apachectl -S you might see:

VirtualHost configuration:
*:80                   localhost (/private/etc/apache2/extra/httpd-vhosts.conf:23)

ie. The virtual host is overriding your httpd.conf, and may contain its own Require all denied or similar.

NginX reverse proxy with iRedMail Apache2

Your problem is here:

location ~ \.php$ {
        proxy_set_header X-Real-IP  $remote_addr;
        proxy_set_header X-Forwarded-For $remote_addr;
        proxy_set_header Host $host;
        proxy_pass http://127.0.0.1:8080/;
}

You cannot use proxy_pass in a location that is not static. You should do it the other way around. Make a list of things that shall be loaded locally by nginx and then pass the location / using proxy_pass back to Apache.

Best Answer

Related Solutions

Apache2 “Require all granted” doesn’t work

NginX reverse proxy with iRedMail Apache2

Related Topic