Apache2 access limited to local LAN

advertisements

Until recently, I had a bunch of virtual sites set up like so:

<VirtualHost 127.0.0.1:1234>
    ...

This works fine for testing on my local machine, where I use a Linux desktop. In order to test how MS and explorer displays my pages from my Windows laptop, I changed this to

<VirtualHost *:1234>
    ...

Which also works fine, calling the site up from http://[mylinuxservername]:1234 on my laptop's IE. However, I want to restrict that wildcard to the local lan. Plugging in any ip, like 192.nnn.nnn.nnn or 192.*.*.* where the wildcard is above results in 403 Forbidden on the windows machine. The local server still works fine on my Linux box:

<VirtualHost 127.0.0.1:1234 192.*.*.*:1234>
    ...

or

<VirtualHost 127.0.0.1:1234 192.nnn.nnn.nnn:1234> #exact IP of laptop
    ...

Anyway, I don't like that wildcard in the second config example above. Hints anyone?


The parameter(s) of VirtualHost are the local addresses you listen to, not the remote ones.

In Apache 2.4 and newer, use the Require directive:

Require ip 127.0.0.0/8
Require ip 192.0.0.0/8

If you are using Apache 2.2 or earlier, use the authz_host configuration:

Order Allow,Deny
Allow from 127.0.0.0/8
Allow from 192.168.0.0/16

This may also work on Apache 2.4, but Order and Allow have been deprecated.