Jump to content

htaccess help with allow/disallow ip

benoit1980

By benoit1980
in Apache HTTP Server

 Share

Recommended Posts

benoit1980 Member

benoit1980

Posted
Posted
Hello,

 

 

I am having a real problem with this and would like to know if someone can give me a feedback. Thank you

 

I am developing a website and would like to only let the access to a few people.

I try to lock the website with an "allow" and "disallow" htaccess block but it seems to be slowing down the website a lot.

 

The website at the moment is hard coded with https://

 

I am wodering if the .htaccess is correct. Sometime the pages load non stop and nothing shows up and sometime the pages are showing up.

I remove the htaccess, everything is fine.

 

here is the code:

 

 
<Limit GET POST>
order allow,deny
allow from 89.187.79.200
#The next line modified by DenyIP
#deny from all
</Limit>
Options +FollowSymLinks
 
IndexIgnore */*
 
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*)$ /index.php/$1 [L]
 
<Files 403.shtml>
order deny,allow
deny from all
</Files>
allow from xxx.xx.xx.xxx
###########FaceBook###########
Allow from 31.13.24.0/21
Allow from 31.13.64.0/18
Allow from 66.220.144.0/20
Allow from 69.63.176.0/20
Allow from 69.171.224.0/19
Allow from 74.119.76.0/22
Allow from 103.4.96.0/22
Allow from 173.252.64.0/18
Allow from 204.15.20.0/22
Allow from 2401:db00::/32
Allow from 2620:0:1c00::/40
Allow from 2a03:2880::/32
##########FaceBook############ 
 


 

 

Thanks in advance

 

 

Ben

Link to comment
Share on other sites
  • 6 months later...
gizmola Prolific Member

gizmola

Posted
Posted

Try moving the deny/allow rules from the .htaccess to the vhost config.  Due to the way .htaccess rules are handled, there is substantially more overhead involved.

 

You also have alternatives like:

 

  1. Do your allowing using php code.
  2. Use iptables instead
  3. Use a loadbalancer/proxy like HAProxy that supports ACL

Iptables would be much faster, however, it wouldn't be viable without a specific IP or Port attached to your one vhost.

 

I like to throw in consideration of HAProxy, because sometimes a long term plan will require a load balancer, and you're killing 2 birds with one stone.

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.