Topic: Apache 2.4 auth require ip limit?
jeffmong



Joined: 15 Oct 2016
Posts: 2
Location: UK

Posted: Sat 15 Oct '16 11:52    Post subject: Apache 2.4 auth require ip limit?

Hi everyone,

I could quite possibly be going about this completely the wrong way; if so, please tell me.

I have recently built a new web server and have migrated to Apache 2.4.18 with PHP 7. This involved some code rewrites with PHP, clearing out some deprecated commands.
Wanting to do the same for Apache and clean up my code, I see that the new method for IP restriction is with "Require" and no longer "allow from".

I restrict access to a single country. This is currently achieved with this code in the apache2.conf file:

Code:

<Directory /var/www/>
    Options  FollowSymLinks
    AllowOverride None
    Require all granted
    <Limit GET POST>
        order deny,allow
        allow from xxx.xxx.xxx.xxx/xx
        allow from xxx.xxx.xxx.xxx/xx
        #Continues for approx 8000 entries...........
        deny from all
    </Limit>
</Directory>


I have removed this from the apache2.conf and put this code into the virtual host for the enabled site:

Code:

<Directory "/var/www/">
    AuthType Basic
    AuthName "Restricted Access"
    AuthUserFile /etc/apache2/.htpasswd
    <RequireAny>
        Require ip xxx.xxx.xxx.xxx/xx
        Require ip xxx.xxx.xxx.xxx/xx
        Require valid-user
    </RequireAny>
</Directory>


Now if I leave it with a few IP addresses, it will pass the configtest instantly and I can restart Apache in seconds; it will work as intended. Those IP addresses listed get straight through, the others get an authentication box.

The problem occurs when I add the country block of IPs (approx 8000): configtest does pass but takes a minute or 2, and the Apache restart just does nothing. It never completes, and it also doesn't appear to fail; the web server is still accessible, so it doesn't appear to have even started to restart.

Am I trying to use the wrong method for this? Is there a limit to the amount of IPs in the require block?
spser



Joined: 29 Aug 2016
Posts: 97

Posted: Sun 16 Oct '16 1:35    Post subject:

Require ip 255.45.65.12 23.51.64.84

Require ip 255.45.65.12,23.51.64.84
try
James Blond
Moderator


Joined: 19 Jan 2006
Posts: 7373
Location: Germany, Next to Hamburg

Posted: Wed 19 Oct '16 14:59    Post subject:

There is also the chance to allow IP Ranges

Like

192.168.100.0/16
jeffmong



Joined: 15 Oct 2016
Posts: 2
Location: UK

Posted: Wed 09 Nov '16 19:44    Post subject:

I have tried all different ways of listing the IP addresses; none seem to work with a large IP list. I reverted to using MaxMind GeoIP2 and, if not coming from an allowed country code, then requesting additional auth.
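
The approach described in the last post (country lookup first, Basic auth as the fallback), as an added example that is not part of the original thread. It assumes MaxMind's mod_maxminddb module provides the lookup; the database path and the country code GB are placeholders.

```apache
# Added example, not the poster's configuration.
# Assumes mod_maxminddb is installed and loaded; the database path
# and the country code "GB" are placeholders.
<IfModule mod_maxminddb.c>
    MaxMindDBEnable On
    MaxMindDBFile COUNTRY_DB /usr/share/GeoIP/GeoLite2-Country.mmdb
    # Export the ISO country code of the client address as a
    # per-request environment variable.
    MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code
</IfModule>

<Directory "/var/www/">
    Options FollowSymLinks
    AllowOverride None
    AuthType Basic
    AuthName "Restricted Access"
    AuthUserFile /etc/apache2/.htpasswd
    <RequireAny>
        # Clients the database places in the allowed country pass
        # without a prompt. One database lookup replaces the
        # ~8000 "Require ip" lines.
        Require expr "%{ENV:MM_COUNTRY_CODE} == 'GB'"
        # Everyone else must authenticate. This includes addresses
        # with no database match and the case where the module is
        # not loaded, since the variable is then empty.
        Require valid-user
    </RequireAny>
</Directory>
```

As with `Require ip`, the decision keys on the connection's client address, so the country check is only as accurate as the database file; keep it updated.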