How to Limit Access to Web Directories Based on Hosts

If you want to limit access to a specific directory, you should consider two techniques:

  1. Authorization Based on Hosts: when the users are limited in number and sources. I will show an example in this post to demonstrate the authorization scheme.
  2. Password-Protected Directory: when the users are arbitrary or their source are very dynamic. For more details, please refer to my post: How to Password Protect Web Directories by HTDIGEST

For example, you'd like to allow clients only from 10.43.29.0/24 to access to directory /private, you can do this:

[root@localhost html]# vi /etc/httpd/conf/httpd.conf
...
<Directory /var/www/html/private>
    Order Deny,Allow
    Deny from all
    Allow from 10.43.29.0/24
</Directory>
...

Please note that "10.43.29.0/24" is in CIDR notation.

Leave a Reply

Your email address will not be published. Required fields are marked *