We are aware of a potentially service impacting issue. Learn more

.htaccess allow IP Apache 2.4 (with or without cloudflare) Print

  • apache, 2.4, limit, ip, access, htaccess
  • 3

Limiting access to a directory on IP basis can be a good way to stop attackers from bruteforcing your CMS, i.e. you could place this on the administrator directory for an application ( i.e. /administrator/ for Joomla or /wp-admin/ for Wordpress )

In Apache 2.4 this is a bit different from what you may be used from Apache 2.2 ; so here it goes:

Apache 2.4 htaccess example (without using proxy services like cloudflare)

<RequireAll>
Require ip 10.20.30.40
</RequireAll>

Now if you use a proxy service like cloudflare / incapsula things may be different as Apache does get the IP of those providers and you really do not want everyone to access the site; in that case you can use the X-Forwarded-For which contains the 'real' user IP. 

Apache 2.4 htaccess example with cloudflare

SetEnvIF X-Forwarded-For "10.20.30.40" AllowIP

<RequireAll>
Require env AllowIP
</RequireAll>

 

 (change the IP 10.20.30.40 with the IP you need; you can add multiple lines to provide access to more IP's; you can also add a complete network in CIDR notation).


Was this answer helpful?

« Back