13

I've a subdomain that I only want to be accessible internally; I'm trying to achieve this in Apache by editing the VirtualHost block for that domain. Can anybody see where I'm going wrong? Note, my internal IP address here are 192.168.10.xxx. My code is as follows:

<VirtualHost *:80> ServerName test.example.co.uk DocumentRoot /var/www/test ErrorLog /var/log/apache2/error_test_co_uk.log LogLevel warn CustomLog /var/log/apache2/access_test_co_uk.log combined <Directory /var/www/test> Order allow,deny Allow from 192.168.10.0/24 Allow from 127 </Directory> </VirtualHost>

Thanks

Improve this question

3 Answers 3

Reset to default
15

You're missing the Deny from all line? Oh, and using the wrong order.

Quoting the mod_access docs:

[...] all hosts in the apache.org domain are allowed access; all other hosts are denied access.

Order Deny,Allow Deny from all Allow from apache.org
Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

I gave it a go, but no luck. What's happening when I try and view the site is it's returning a 403 forbidden, no matter where I try from.
5

The problem is your allow line for the local network. Replace Allow from 192.168.10.0/24 with Allow from 192.168.10. (will allow 192.168.10.*).

For completeness, add a Deny from all line to make it clear that you're blocking everyone else.

Improve this answer

4 Comments

I gave that a try but still no luck, it is coming up forbidden no matter where I try from. Thanks
It sounds like your config is getting overwritten somewhere, as I tested the config and it worked. Take a look at your other config files for access rules. For example, Debian based distros will put extra restrictions in /etc/apache2/conf.d/security.
This answer helped me, but a code sample would help even more. I found this in the two answers here: serverfault.com/a/323611/12448
Sorry hamlin11, but how could it be more helpful? I give exactly what needs to be changed in the above config example to make it work.
1

I suppose the path inside Directory tag should be simply /

<VirtualHost *:80> ServerName test.example.co.uk DocumentRoot /var/www/test ErrorLog /var/log/apache2/error_test_co_uk.log LogLevel warn CustomLog /var/log/apache2/access_test_co_uk.log combined <Directory /> Order allow,deny Allow from 192.168.10.0/24 Allow from 127 </Directory> </VirtualHost>

and please don't forgot to restart apache

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.