Apache Deny Access to URL, Files & Directory

Sometimes you may need to limit access to URL, files & directories on your website, due to their sensitive information. Apache makes it easy to restrict access using Deny and Allow server directives. In this article, we will look at how to deny access to URL, File & Directory in Apache web server.


Apache Deny Access to URL, Files & Directory

Here are the steps to restrict access to URL, files & directories in Apache.

1. Open Apache Configuration File

Apache configuration file is located at one of the following locations, depending on your Linux distribution.

  • /etc/apache2/httpd.conf
  • /etc/apache2/apache2.conf
  • /etc/httpd/httpd.conf
  • /etc/httpd/conf/httpd.conf

Open terminal and run the following command to open Apache configuration page.

$ sudo vi /etc/httpd/conf/httpd.conf

If you make changes in Apache server configuration file, it will be applicable for all websites/domains that you run on your Apache web server.


Apache Restrict Access by IP in Virtual Host

If you are running multiple websites on Apache server, using virtual host, then open the virtual host configuration file of the website (e.g www.website.com) for which you want to deny access to IP. Let’s say your virtual host configuration file is located at /etc/apache2/sites-enabled/website.conf

$ sudo vi /etc/apache2/sites-enabled/website.conf

Also read : How to Enable Server Side Includes in Apache


2. Restrict Access by IP

Let us assume you want to limit access to /product.html URL by IP 45.34.21.10. Once you have opened the appropriate configuration file, look for <Location> tag for the above URL.

Apache provides Deny directive to block one or more IP addresses. Add the following line in Location tag

Deny 45.34.21.10

Your Location tag will look something like the following

<Location /product.html>
   ...
   Deny 45.34.21.10
   ...
</Location>

If you want to block IP from accessing a specific directory such as /admin, then add the above Deny directive location block of /admin subfolder.

<Location /admin>
   ...
   Deny 45.34.21.10
   ...
</Location>

If you want to block IP from accessing a specific file such as /var/www/html/input.html, then add the above Deny directive in Directory block of input.html file.

<Directory /var/www/html/input.html>
   ...
   Deny 45.34.21.10
   ...
</Directory>

Please note, use Location block to restrict access to URLs (e.g /index.html, /product ) and use Directory block to limit access to files (e.g /var/www/html/config.php). These Location and Directory blocks can be placed in Apache server configuration file, or virtual host block.

Also Read : How to Disable ETags in Apache


Apache Limit Access by multiple IP

If you want to limit access to multiple IPs, add separate Deny directives for each IP.

In the following example, we limit access to IPs 45.34.21.10 and 65.34.23.12

<Location /product.html >
   ...
   Deny 45.34.21.10
   Deny 65.34.23.12
   ...
</Location>

If you want to restrict access by IP range such as 45.54.20.0-45.54.20.255 then you can do it by using CIDR notation of this IP range. Here’s the configuration to restrict access from above IP range.

<Location /product.html >
   ...
   Deny 45.54.20.0/24
   ...
</Location>

Also read : How to Fix 414 Request Too Large Error


3. Restart Apache web server

Restart Apache web server to apply changes.

# service httpd restart
OR 
# systemctl restart httpd
OR
# sudo service apache2 restart

Now when a user tries to access your URL, file or directory from blocked IP address, they will get a “403: Access Forbidden” response.

Ubiq makes it easy to visualize data in minutes, and monitor in real-time dashboards. Try it today!

mm

About Ubiq

Ubiq is a powerful dashboard & reporting platform for small & medium businesses. Build dashboards, charts & reports for your business in minutes. Get insights from data quickly. Try it for free today!