It’s easy as pie to get Apache serving something exciting, but at times, the joy of a running web server needs to be curbed by the stern eye of security. We’ll take a quick look at how to enable hostname or IP access control, creating a set of acceptance or denial rules for content we want restricted.
While Apache can certainly handle authenticated access control, we’re only going to touch on the location-based side of it for this hack (we get to usernames and passwords in our next one). To protect our Apache server, we’re going to open httpd.conf [Hack #89] with our favorite text editorand modify (or define) the directory we want protected. In our example, we’re going to protect the entire web server, so we’ll look for our document root, which should look something like this:
<Directory "/Library/WebServer/Documents"> Options Indexes FollowSymLinks MultiViews AllowOverride None Order Allow,Deny Allow from all </Directory>
Quite simply, the
Order Allow,Deny and
Allow from all lines are the magic that will stop
outside visitors from perusing our site. Right now, as these lines
stand, we’re wide open to the public. This is what
we’re going to end up
<Directory "/Library/WebServer/Documents"> Options Includes FollowSymLinks MultiViews AllowOverride None
Deny from all
Allow from gatesmcfaddenco.org</Directory>
See what we’ve done here? The first thing we did was
Order directive. This tells Apache ...