How to Restrict Access to Apache Server to Local Machine?

Warning! Some information on this page is older than 6 years now. I keep it for reference, but it probably doesn't reflect my current knowledge and beliefs.

Tue
22
Aug 2017

I wanted to do some web development locally, so I installed Apache 2.2, PHP, and MySQL on my Windows 10 machine. When configuring it, I wanted to restrict access to the Apache server to two machines only - local one and another one in my local network.

The way to do it is to enable and use mod_authz_host module. In file C:\Apache2\conf\httpd.conf I needed to make sure that following line is not commented:

LoadModule authz_host_module modules/mod_authz_host.so

Then I could add appropriate directives to <Directory ...> section of this file, or alternatively use them in .htaccess file located next to files of my website.

To deny access from all addresses except my two computers, I started from this:

Order deny,allow
Deny from all
Allow from 192.168.0.21
Allow from 192.168.0.23

After restarting Apache (needed to apply any changes in configuration), I found out that I could access my website from the other computer, but not from the local one. I quickly recalled that connections to the same machine go through special loopback interface and use special address: localhost, which has IP 127.0.0.1. So I changed my configuration to this:

Order deny,allow
Deny from all
Allow from 192.168.0.21
Allow from 192.168.0.23
Allow from 127.0.0.1

It didn't work either. That's when I started to search for address where the local connection comes from, using Process Hacker - Network tab, as well as Apache log in file C:\Apache2\logs\access.log. What I found out is that the loopback connection uses IPv6, where address of localhost is: "::1" - however strange it may seem. Explanation of this format can be found here: IPv6 at Wikipedia.

Apache accepts this form of address, so following configuration finally allowed me to connect from my local computer, as well as the other computer from my network:

Order deny,allow
Deny from all
Allow from 192.168.0.21
Allow from 192.168.0.23
Allow from 127.0.0.1
Allow from ::1

Comments | #webdev #networking Share

Comments

[Download] [Dropbox] [pub] [Mirror] [Privacy policy]
Copyright © 2004-2024