Code:
file some-file
Order allow,deny
Deny from all
Allow from good.guy.ip.1
in the site.conf
More than one allow from is allowed and accepts /CIDR notations
Access to the site, yes, it can and should be enforced in the site.conf apache2 system file.
.htaccess is kludgy and a resource killer.
directives in the site.conf are global and are only read once, not every hit, like .htaccess.
No one should have access to the apache2 configuration files themselves. and if installed correctly,
there is nothing to "do" in /etc/apache2/ except
Code:
cd /etc/apache2/
find ! -user root
find ! -group root
see if it's installed correctly from the owner:permissions point of view.
.htaccess tricks and tips...Part I
.htaccess tricks and tips... Part II
Discusses some good stuff and every where it says "htaccess", you have to or should want to utilize it in the site.conf
Here's a practical example for securing Wordpress's wp-login.php area of any site using that software,
Code:
# END WordPress
<Files wp-login.php>
order deny,allow
deny from all
allow from good.guy.ip.1
Allow from good.guy.ip.2
</Files>
Think home, office or office, garage, the "real world" would get locked out here.
good.guy.ip.1 and good.guy.ip.2 would not.
So test it
Code:
write "echo LQRocks" > /var/www/html/secret.file
and in the site.conf implement
Code:
# END WordPress
<Files secret.file>
order deny,allow
deny from all
allow from your.ip
</Files>
then issue
Code:
apache2ctl graceful
If the site is on the internet, go and test it.
You should get a 403 "error". and that is correct.
If it's some else, let us know.
All this is the same info as on
.htaccess tricks and tips...Part I which I have nothing to do with except read there. (Glad it's still up, too!)
Peace.
