Topic: Apache 2.4 auth require ip limit? |
jeffmong
Joined: 15 Oct 2016 Posts: 2 Location: UK
|
Posted: Sat 15 Oct '16 11:52 Post subject: Apache 2.4 auth require ip limit? |
|
|
Hi everyone,
I could quite possibly be going about this completely the wrong way; if so, please tell me.
I have recently built a new web server and have migrated to Apache 2.4.18 with PHP 7. This involved some code rewrites with PHP, clearing out some deprecated commands.
Wanting to do the same for Apache and clean up my code, I see that the new method for IP restriction is with "Require" and no longer "allow from".
I restrict access to a single country. This is currently achieved with this code in the apache2.conf file:
Code: |
<Directory /var/www/>
    Options FollowSymLinks
    AllowOverride None
    Require all granted
    <Limit GET POST>
        order deny,allow
        allow from xxx.xxx.xxx.xxx/xx
        allow from xxx.xxx.xxx.xxx/xx
        #Continues for approx 8000 entries...........
        deny from all
    </Limit>
</Directory>
|
I have removed this from the apache2.conf and put this code into the virtual host for the enabled site:
Code: |
<Directory "/var/www/">
    AuthType Basic
    AuthName "Restricted Access"
    AuthUserFile /etc/apache2/.htpasswd
    <RequireAny>
        Require ip xxx.xxx.xxx.xxx/xx
        Require ip xxx.xxx.xxx.xxx/xx
        Require valid-user
    </RequireAny>
</Directory>
|
Now if I leave it with a few IP addresses it will pass the configtest instantly and I can restart Apache in seconds; it will work as intended. Those IP addresses listed get straight through, the others get an authentication box.
The problem occurs when I add the country block of IPs (approx 8000): configtest does pass but takes a minute or 2, and apache restart just does nothing. It never completes, it also doesn't appear to fail, and the web server is still accessible, so it doesn't appear to have even started to restart.
Am I trying to use the wrong method for this? Is there a limit to the number of IPs in the require block?
spser
Joined: 29 Aug 2016 Posts: 97
|
Posted: Sun 16 Oct '16 1:35 Post subject: |
|
|
Require ip 255.45.65.12 23.51.64.84
Require ip 255.45.65.12,23.51.64.84
try |
James Blond Moderator
Joined: 19 Jan 2006 Posts: 7373 Location: Germany, Next to Hamburg
|
Posted: Wed 19 Oct '16 14:59 Post subject: |
|
|
There is also the chance to allow IP Ranges
Like
192.168.100.0/16 |
jeffmong
Joined: 15 Oct 2016 Posts: 2 Location: UK
|
Posted: Wed 09 Nov '16 19:44 Post subject: |
|
|
I have tried all different ways of listing the IP addresses; none seem to work with a large IP list. I reverted to using MaxMind GeoIP2 and, if not coming from an allowed country code, then requesting additional auth.
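
An added example, not part of the thread and not code from any poster: before loading a country allowlist of this size, the CIDR list can be validated and collapsed so that adjacent and overlapping ranges become one entry, then written out with several networks per `Require ip` directive. The sample input is constructed from documentation ranges, and the function names and the `per_line` value are assumptions; this reduces the number of directives but is not claimed to resolve the restart behaviour described above.

```python
import ipaddress

# Constructed sample input (documentation ranges, not a real country list).
SAMPLE = """\
# constructed sample
198.51.100.0/25
198.51.100.128/25
203.0.113.0/24
203.0.113.64/26
192.0.2.0/25
2001:db8::/33
2001:db8:8000::/33
not-a-network
"""

def parse_networks(text):
    """Return (networks, rejected) from one CIDR per line; '#' starts a comment."""
    networks, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False normalises entries that have host bits set.
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append((lineno, entry))  # report instead of emitting bad config
    return networks, rejected

def collapse(networks):
    """Merge adjacent and overlapping networks, one address family at a time."""
    merged = []
    for version in (4, 6):
        same = [n for n in networks if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged

def require_lines(networks, per_line=8):
    """Render 'Require ip' directives with several networks per directive."""
    items = [str(n) for n in networks]
    return ["Require ip " + " ".join(items[i:i + per_line])
            for i in range(0, len(items), per_line)]

if __name__ == "__main__":
    nets, bad = parse_networks(SAMPLE)
    for line in require_lines(collapse(nets)):
        print(line)
    for lineno, entry in bad:
        print(f"# skipped line {lineno}: {entry!r}")
```

The generated lines can be written to a separate file and pulled into the `<RequireAny>` block with `Include`, which keeps the virtual host file readable and lets the list be regenerated without editing it by hand.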