Tue
22
Aug 2017
I wanted to do some web development locally, so I installed Apache 2.2, PHP, and MySQL on my Windows 10 machine. When configuring it, I wanted to restrict access to the Apache server to two machines only - local one and another one in my local network.
The way to do it is to enable and use mod_authz_host module. In file C:\Apache2\conf\httpd.conf I needed to make sure that following line is not commented:
LoadModule authz_host_module modules/mod_authz_host.so
Then I could add appropriate directives to <Directory ...>
section of this file, or alternatively use them in .htaccess file located next to files of my website.
To deny access from all addresses except my two computers, I started from this:
Order deny,allow
Deny from all
Allow from 192.168.0.21
Allow from 192.168.0.23
After restarting Apache (needed to apply any changes in configuration), I found out that I could access my website from the other computer, but not from the local one. I quickly recalled that connections to the same machine go through special loopback interface and use special address: localhost, which has IP 127.0.0.1. So I changed my configuration to this:
Order deny,allow
Deny from all
Allow from 192.168.0.21
Allow from 192.168.0.23
Allow from 127.0.0.1
It didn't work either. That's when I started to search for address where the local connection comes from, using Process Hacker - Network tab, as well as Apache log in file C:\Apache2\logs\access.log. What I found out is that the loopback connection uses IPv6, where address of localhost is: "::1" - however strange it may seem. Explanation of this format can be found here: IPv6 at Wikipedia.
Apache accepts this form of address, so following configuration finally allowed me to connect from my local computer, as well as the other computer from my network:
Order deny,allow
Deny from all
Allow from 192.168.0.21
Allow from 192.168.0.23
Allow from 127.0.0.1
Allow from ::1
Comments | #webdev #networking Share