apache restrict access by ip

Apache Restrict Access by IP

Sometimes you may need to limit access or deny access by IP to your website. Apache allows you to limit directory access by IP, restrict file access by IP, limit URL access by IP. In fact, it allows you to restrict access to single IP, multiple IPs and range of IP addresses. In this article, we will look at how to restrict access by IP in Apache web server.


Apache Restrict Access by IP

Here are the steps to restrict access by IP in Apache.


1. Open Apache Configuration File

Apache configuration file is located at one of the following locations, depending on your Linux distribution.

  • /etc/apache2/httpd.conf
  • /etc/apache2/apache2.conf
  • /etc/httpd/httpd.conf
  • /etc/httpd/conf/httpd.conf

Open terminal and run the following command to open Apache configuration page.

$ sudo vi /etc/httpd/conf/httpd.conf

If you make changes in Apache server configuration file, it will be applicable for all websites/domains that you run on your Apache web server.


Apache Restrict Access by IP in Virtual Host

If you are running multiple websites on Apache server, using virtual host, then open the virtual host configuration file of the website (e.g www.website.com) for which you want to deny access to IP. Let’s say your virtual host configuration file is located at /etc/apache2/sites-enabled/website.conf

$ sudo vi /etc/apache2/sites-enabled/website.conf

Also read : How to Enable HTTP2 in Apache


2. Restrict Access by IP

Once you have opened the appropriate configuration file, look for <Directory> tag. Let us assume you want to limit access to /product directory by IP 45.34.21.10.

Apache provides Deny directive to block one or more IP addresses. Add the following line in Directory tag

Deny 45.34.21.10

Your Directory tag will look something like the following

<Directory /var/www/html/product>
   ...
   Deny 45.34.21.10
   ...
</Directory>

Also read : How to Enable Apache Server Status Dashboard


Apache Limit Access by multiple IP

If you want to limit access to multiple IPs, add separate Deny directives for each IP.

In the following example, we limit access to IPs 45.34.21.10 and 65.34.23.12

<Directory /var/www/html/product >
   ...
   Deny 45.34.21.10
   Deny 65.34.23.12
   ...
</Directory>


Apache Limit File Access by IP

If you want to limit access to specific file such as /example.pdf then add a location block inside the Directory tag

<Directory /var/www/html/product>
...
   <location /example.pdf>
    ...
    Deny 45.34.21.10
    ...
   </location>
...
<Directory>

Also read : How to Remove x-powered-by in Apache/PHP


Apache Restrict Access by IP inside Virtual Host

You can also deny access to URL or directory inside virtual host by simply adding a location block inside <VirtualHost> tag. Here’s an example to limit access to file /example.pdf inside virtual host.

<VirtualHost *:8080>
...
   <location /example.pdf>
    ...
    Deny 45.34.21.10
    ...
   </location>
...
<VirtualHost>

Also read : How to Disable HTTP Options Methods in Apache


3. Restart Apache web server

Restart Apache web server to apply changes.

# service httpd restart
OR 
# systemctl restart httpd
OR
# sudo service apache2 restart

Now when a user tries to access your URL or directory from blocked IP address, they will get a “403: Access Forbidden” response.

Ubiq makes it easy to visualize data in minutes, and monitor in real-time dashboards. Try it today!