How to only allow certain IPs to hit specific HTML pages?

rolinger

Well-Known Member
Feb 13, 2017
55
3
58
Tampa
cPanel Access Level
Root Administrator
I am looking for any Apache or CSF method that will allow me to help better lock down my web server. All my public facing pages are *.HTML pages, all my server processing files are labeled .PHP. Meaning only .PHP files should be accessed by HTML files from my own servers.

At the moment, all of my PHP files have a function that looks for the client IP - if it's not one of my servers requesting the PHP page, then spit out an "Invalid Request" page and exit the script.

However, this means the external user is still getting to my web PHP files...which is permitting a connection and server resources.

Is there any method in (preferably) CSF, or even Apache, that will only allow certain IPs to access specific files?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
17,470
2,843
363
cPanel Access Level
Root Administrator
Hey there! Inside cPanel there is the IP Blocker tool. Using that interface adds the following code to the local .htaccess file for the user:

Code:
<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 1.2.3.4
so you could use that template to manually add a list of IPs you don't want to access the site.

As for the firewall level, I don't have any details that would let you do per-domain or per-vhost, as those would be all or nothing.
 

rolinger

@cPRex - thanks for the response (again). Can the reverse of that be done...only permit a few IPs, deny the rest?

Code:
<Files 403.shtml>
order allow,deny
allow from 1.1.1.1 2.2.2.2 127.0.0.1
</Files>

deny from all
As well....how does that target my *.php files only? I am not too proficient with Apache .htaccess files.
 

cPRex

Sure - something like this would do the trick for PHP files:

Code:
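<Files "*.php">
    # deny,allow: Deny is checked first, and a matching Allow then overrides it,
    # so only the listed IPs get through (allow,deny plus "Deny from all" blocks everyone)
    Order deny,allow
    Deny from all
    # space-separated list; add the rest of your server IPs
    Allow from 1.1.1.1 1.1.1.2
</Files>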
There's much more reading on the .htaccess rules here:
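
Added example, not part of the posts above and not cPanel-generated code: the same PHP-only allowlist written so it works on both Apache 2.4 (`Require ip`) and Apache 2.2 (`Order`/`Allow`/`Deny`). The IP addresses are the thread's placeholders, and the use of `FilesMatch` with `IfModule` switches is an assumption about how you would deploy it in the site's .htaccess.

```apache
# Constructed example for a site's .htaccess.
# 1.1.1.1 / 1.1.1.2 are the thread's placeholder IPs; replace with your own servers.
# .htaccess needs AllowOverride AuthConfig for Require, or Limit for Order/Allow/Deny.

<FilesMatch "\.php$">
    # Apache 2.4: access control lives in mod_authz_core / mod_authz_host
    <IfModule mod_authz_core.c>
        # Only these clients may request .php files; all others get 403
        Require ip 1.1.1.1 1.1.1.2 127.0.0.1
    </IfModule>

    # Apache 2.2: mod_authz_core is absent, so use the older directives
    <IfModule !mod_authz_core.c>
        # deny,allow: Deny is evaluated first, then a matching Allow overrides it
        Order deny,allow
        Deny from all
        Allow from 1.1.1.1 1.1.1.2 127.0.0.1
    </IfModule>
</FilesMatch>
```

After saving, a request for any .php file from an address outside the list should return 403 Forbidden, while the .html pages remain reachable.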