Topic: Static IP Access

Is it possible to restrict Frontaccounting access from a Static IP Address?

2 (edited by cambell 10/11/2016 03:48:09 pm)

Re: Static IP Access

Something like this in a .htaccess file, assuming you're using Apache.

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_URI} !/noway.html$
RewriteCond %{REMOTE_ADDR} !=
RewriteRule $ /noway.html [R=301,L]

or you could add an iptables firewall rule, again if its a linux box.


3 (edited by apmuthu 10/12/2016 02:29:55 am)

Re: Static IP Access

An Apache vhosts conf file would prevent .htaccess files being compromised. Most standard OpenVZ and other templates provide examples of such configs.

Here is one from a Debian FA apache conf where the rewrite conditions above be inserted:

ServerAdmin webmaster@localhost
ServerSignature Off
ServerTokens Prod

<IfModule mpm_prefork_module>
    StartServers 2
    MinSpareServers 1 
    MaxSpareServers 2
    MaxClients          50
    MaxRequestsPerChild 100

<VirtualHost *:80>

DocumentRoot /var/www/frontac

<Directory />
        Options FollowSymLinks
        AllowOverride None

<Directory /var/www/frontac>
        Options FollowSymLinks MultiViews
        AllowOverride None
        Order allow,deny
        allow from all
        DirectoryIndex index.php index.html

### Will possibly affect any other php script in it 
# <Directory /var/www/frontac/sql/>
#   Order Deny,Allow
#   Deny from All
# </Directory>

<IfModule mod_rewrite.c>
        <Location /modules/api/>
                Options -MultiViews
                RewriteEngine on
                RewriteCond %{REQUEST_FILENAME} !-f
                RewriteRule ^ index.php [QSA,L]

# Protect sensitive files.
<FilesMatch "\.(inc|po|sh|.*sql|log)$">
    Order allow,deny
    Deny from All
    Satisfy All

# Disable directory listings.
Options -Indexes

# Set the default index.
DirectoryIndex index.php

<IfModule mod_php5.c>
    php_flag magic_quotes_gpc Off
    php_flag register_globals Off
    php_flag session.use_trans_sid Off

ErrorLog /var/log/apache2/error.log

# Possible values include: debug, info, notice, warn, error, crit,
# alert, emerg.
LogLevel warn

CustomLog /var/log/apache2/access.log combined