Unable to allow/deny access to IPs

apache-2.4 cloudflare

I have an otherwise happily working server on Ubuntu 14.04. I'm trying to restrict access to a file using an allow/deny block:

<Files "login.php">
order deny,allow
deny from all
allow from 22.123.123.12
</Files>

This successfully denies all users and tells them "Forbidden. You don't have permission to access…". If I remove the "deny from all" line, it allows me to view the login screen.

But no matter what I do, and debug, I can't get it to let me view this file, when I'm using this IP address. The 'allow' statement never seems to work.

Some debugging already tried:

  • I tried adding an AllowOverride All into my host configuration to make sure that the file/authorisation module itself was working.
  • I've tried a bunch of other allow/deny statements.
  • This statement is currently in an .htaccess file, but I've tried moving it into the host configuration, which also doesn't work.

Other possibly relevant info:

  • I've used a bit of PHP to output my IP on a webpage: it is successfully recognised as being 22.123.123.12.
  • I'm using SSL for the webpage, so I'm accessing the file at https://example.com/login.php. Not sure if that would affect things.

I'm starting to suspect that for some reason the server doesn't think I'm at this IP address, but can't figure out how that would be the case. Any ideas?

Best Answer

Thanks to @ChrisLam's comment, I realised that the IP address being shown in the access logs wasn't the same as my current IP.

This IP, 108.162.225.167, appeared to be matched with the servers of CloudFlare.com, which we are using to speed up the site.

Although there was a rule set to not cache this page, the IP addresses of requests were still not being passed back to the server. CloudFlare say that:

"Because CloudFlare acts as a proxy, you will notice changes to the way that your website visitors' IP addresses are displayed both in your server logs and web applications - notably that all access appears to be coming from CloudFlare IP addresses."

Installing CloudFlare's mod_cloudflare module for Apache httpd allows these IP addresses to be passed back to the server, and fixed my problem perfectly.

Download and information available on CloudFlare's site: https://www.cloudflare.com/resources-downloads#mod_cloudflare
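The decision a real-IP module has to make for the rule in the question, as an added example that is not part of the original answer or Cloudflare's code: the forwarded address is honoured only when the TCP peer is a known proxy, otherwise any client could supply the header itself. The function names, the sample requests, the use of the `CF-Connecting-IP` header and the short subset of Cloudflare ranges are assumptions for illustration; the ranges must be refreshed from Cloudflare's published list.

```python
import ipaddress

# Assumption: a small subset of Cloudflare's published IPv4 ranges.
# Refresh from Cloudflare's current list before relying on it.
TRUSTED_PROXIES = [ipaddress.ip_network(n) for n in (
    "108.162.192.0/18", "173.245.48.0/20", "162.158.0.0/15",
)]
# The single address the question's <Files> block is meant to allow.
ALLOWED = [ipaddress.ip_network("22.123.123.12/32")]


def effective_client_ip(peer, forwarded=None):
    """Return the address that access rules should be evaluated against."""
    peer_ip = ipaddress.ip_address(peer)
    if forwarded and any(peer_ip in net for net in TRUSTED_PROXIES):
        try:
            return ipaddress.ip_address(forwarded.strip())
        except ValueError:
            return peer_ip  # malformed header: fall back to the socket peer
    return peer_ip  # untrusted peer: the header is client-supplied, ignore it


def is_allowed(peer, forwarded=None):
    """Apply the allow list to the effective client address."""
    ip = effective_client_ip(peer, forwarded)
    return any(ip in net for net in ALLOWED)


# Constructed requests: (TCP peer, CF-Connecting-IP header value or None)
SAMPLES = [
    ("108.162.225.167", "22.123.123.12"),  # the asker, through the proxy
    ("108.162.225.167", None),             # what the original rule saw
    ("108.162.225.167", "198.51.100.7"),   # another visitor, through the proxy
    ("203.0.113.50", "22.123.123.12"),     # header from an untrusted peer
    ("22.123.123.12", None),               # the asker, connecting directly
]


def evaluate(samples=SAMPLES):
    """Return (peer, header, allowed) for each sample request."""
    return [(p, h, is_allowed(p, h)) for p, h in samples]


if __name__ == "__main__":
    for peer, header, ok in evaluate():
        print(f"peer={peer:<16} header={header!s:<14} allowed={ok}")
```

The second sample is the situation in the question: without the forwarded address, the rule is matched against the proxy's IP and the allow line never applies.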