apacheubuntuapache2

How to restrict url access with apache to certain IP?


I'm using a apache2 on ubuntu, in front of a tomcat8 webserver. I want to restrict access to localhost/manager to only a specific ip address.

The server is in my internal network and has the ip 102.168.139.111. I want to be able to access the /manager endpoint only from my local machine 192.168.128.222, and from nowhere else.

But the following does not work and I'm always getting a 403 Permission denied. Why?

apache2.conf:

<Location /manager/*>
        Order Allow,Deny
        Deny from  all
        Allow from 192.168.128.197
</Location>

With:

/etc/apache2/sites-available/000-default.conf

<VirtualHost *:80>
    ProxyPreserveHost On

    ProxyPass / http://127.0.0.1:8080/
    ProxyPassReverse / http://127.0.0.1:8080/
</VirtualHost>

Sidenote: taking the <Location...> out will allow access to my local IP as expected. So the server configuration in general seems to be fine. Just restricting does not work.


Solution

  • It's probably an order of statements issue. The following works (on root path):

    <Location />
            Order Deny,Allow
            Deny from all
            Allow from 192.168.
    </Location>