The access restriction by IP is a main feature of web server like Apache. You can specify easily, whom have access to a page and whom haven't, from the IP.

How to block / allow an IP in .htaccess ?

Apache 2.4
<RequireAll>
    Require all granted
    Require not ip 192.168.1.2
    Require not ip 192.168.1.3
</RequireAll>
Apache older than 2.4
Order allow,deny
Deny from 192.168.1.2
Deny from 192.168.1.3
Allow from all

How to allow specific IP addresses to access the site via .htaccess file?

Apache 2.4
<RequireAny>
    Require ip 192.168.1.2
    Require ip 192.168.1.3
</RequireAny>
Apache older than 2.4
Order deny,allow
Deny from all
Allow from 192.168.1.2
Allow from 192.168.1.3

How to allow / block specific IP behind reverse proxy, load balancer, CDN ?

Behind a reverse proxy, load balancer or a CDN, the IP available in logs is the load balancer / reverse proxy IP. Not the client IP. The client IP information can be found in X-Forwarded-For field, it's from this field that you can check to access restriction.

Apache 2.4
SetEnvIF X-Forwarded-For "192.168.1.2" AllowIP
SetEnvIF X-Forwarded-For "192.168.2.3" AllowIP

<RequireAny>
Require env AllowIP
</RequireAny>
Apache older than 2.4
SetEnvIf X-Forwarded-For 192.168.1.2 allow
SetEnvIf X-Forwarded-For 192.168.1.3 allow
Order deny,allow
Deny from all
Allow from env=allow

More details in official Apache 2 documentation

Next Post Previous Post