How do I require an IP range instead of 1 IP?
My IP changes to a different D class, so I want to set a range:

123.123.123.xxx where the last segment can be 0-255.

Right now, Apache says:

    <RequireAny>
        Require ip 127.0.0.1
        Require ip ::1
    </RequireAny>

Tags: apache-2.4
asked Apr 14 '15 at 3:51 by user281497 (edited May 15 '17 at 9:13 by Raptor)

5 Answers

Firstly, I'm going to assume you mean Apache 2.4 despite the "apache-2.2" tag since the syntax you've posted is from 2.4.

From the Apache documentation:

    ip.address is an IP address, a partial IP address, a network/netmask pair, or a network/nnn CIDR specification.

I assume you mean you wish to allow a /24 since Class D is Multicast addresses, and classful networking died in the 90's. To allow a /24, you can use any of the following:

    Require ip 123.123.123
    Require ip 123.123.123.0/255.255.255.0
    Require ip 123.123.123.0/24

Personally, I find the last to be less ambiguous than the first, and easier to read than the second.

You may find this section of the documentation useful: http://httpd.apache.org/docs/2.4/howto/access.html#host

answered Apr 14 '15 at 4:13 by fukawi2

So this won't work on Apache 2.2? phpMyAdmin works on both 2.2 and 2.4 and I just checked to see what this server was running and it's 2.2 – user281497, Apr 14 '15 at 4:29

Unless something has been backported to enable it, I've never seen that syntax in 2.2 config files. – fukawi2, Apr 14 '15 at 5:56

@fukawi2 - Yes, you are of course correct. For user281497: While Require has limited support in Apache 2.2, Apache 2.2 does not support either Require ip or <RequireAny>. As noted in the Overview of new features in Apache HTTP Server 2.4, "Advanced authorization logic may now be specified using the Require directive and the related container directives, such as <RequireAll>." The former are among those improvements added to Apache 2.4. – Colt, May 25 '16 at 3:34

In Apache 2.2 and below, you could work with:

    Order deny,allow
    Deny from all
    # allow access from home
    Allow from 24.18
    # allow access from work
    Allow from 162.12

in your .htaccess, directly on base level (not within any <directive>).

As of Apache 2.4 and above, here you go:

    <RequireAny>
        #IPv4 range at my work
        Require ip 207.100
        #IPv4 range I usually get through my mobile provider
        Require ip 29.11
        #IPv6 from home
        Require ip 2a02:4126:2aa4::/48
    </RequireAny>

(all numbers fictional, no worries ;-).

I have been using this for many years now, to shield my backend folders against 99% of potential users. (Working very well, unless you are an avid blogger while travelling. If you are a gmail user: the “last account activity” link at the very bottom is a comfy way to figure out your own “IP habits”).

answered Mar 7 '17 at 9:55 by Frank Nocke

What's the difference between Require ip 2a02:4126:2aa4::/48 and Require ip 2a02:4126:2aa4::? Both don't produce syntax errors for me, but only the former works. – Geremia, Sep 22 '17 at 0:30

Is it because 2a02:4126:2aa4:: = 2a02:4126:2aa4:0000:0000:0000:0000:0000, whereas 2a02:4126:2aa4::/48 matches all addresses that begin with 2a02:4126:2aa4? – Geremia, Sep 22 '17 at 2:10

Noting that you have now confirmed using Apache 2.2, Apache 2.2 does not support either Require ip or <RequireAny>. As noted in the Overview of new features in Apache HTTP Server 2.4, "Advanced authorization logic may now be specified using the Require directive and the related container directives, such as <RequireAll>." The former are among those improvements added to Apache 2.4.

To deal with this in Apache 2.2, you will probably need to do something like:

    Order allow,deny
    Allow from 123.123.123

which will get the whole range specified.

answered May 25 '16 at 3:40 by Colt (edited Apr 13 '17 at 12:14 by Community♦)

Apache's Require directive is used during the authorization phase to ensure that a user is allowed or denied access to a resource. mod_authz_host extends the authorization types with ip, host, forward-dns and local. Other authorization types may also be used but may require that additional authorization modules be loaded.

These authorization providers affect which hosts can access an area of the server. Access can be controlled by hostname, IP Address, or IP Address range.

Since v2.4.8, expressions are supported within the host require directives.

Require ip

The ip provider allows access to the server to be controlled based on the IP address of the remote client. When Require ip ip-address is specified, then the request is allowed access if the IP address matches.

A full IP address:

    Require ip 10.1.2.3
    Require ip 192.168.1.104 192.168.1.205

An IP address of a host allowed access

A partial IP address:

    Require ip 10.1
    Require ip 10 172.20 192.168.2

The first 1 to 3 bytes of an IP address, for subnet restriction.

A network/netmask pair:

    Require ip 10.1.0.0/255.255.0.0

A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction.

A network/nnn CIDR specification:

    Require ip 10.1.0.0/16

Similar to the previous case, except the netmask consists of nnn high-order 1 bits.

Note that the last three examples above match exactly the same set of hosts.

IPv6 addresses and IPv6 subnets can be specified as shown below:

    Require ip 2001:db8::a00:20ff:fea7:ccea
    Require ip 2001:db8:1:1::a
    Require ip 2001:db8:2:1::/64
    Require ip 2001:db8:3::/48

Note: As the IP addresses are parsed on startup, expressions are not evaluated at request time.

Source: https://httpd.apache.org/docs/trunk/mod/mod_authz_host.html

Please don't just copy&paste other people's work. This is called plagiarism. – Gerald Schneider, Jan 21 '17 at 7:15

Note: I am leaving this here as others might benefit from it; it is not a direct answer to the question.

For example:

    Require ip 192.168.100.0/22

works, while

    Require ip 192.168.100.0/22 #localnetwork

fails!

Restarting httpd outputs:

    Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.

So, it seems that no comments are allowed on that line.

Comments are not allowed anywhere inside a configuration line, see httpd.apache.org/docs/2.4/configuring.html : "Lines that begin with the hash character "#" are considered comments, and are ignored. Comments may not be included on the same line as a configuration directive." – Patrick Mevzek, Apr 3 at 19:04
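
An added example, not part of any answer above and not Apache's own parser: a Python model of the `Require ip` argument forms, built on the standard `ipaddress` module. It checks that the three /24 spellings from the first answer name one network, that a bare IPv6 address is a single host while `/48` is a range, and that a same-line `#` comment is flagged. Function names are hypothetical and the sample configuration is constructed from addresses quoted on this page.

```python
"""Added example: a model of `Require ip` arguments using Python's ipaddress.

Not Apache's parser; function names are hypothetical and the sample
configuration is constructed from addresses quoted in this thread.
"""
import ipaddress

# Constructed sample, assembled from values that appear on this page.
SAMPLE_CONFIG = """\
<RequireAny>
    # loopback
    Require ip 127.0.0.1 ::1
    Require ip 123.123.123
    Require ip 2a02:4126:2aa4::/48
</RequireAny>
"""


def parse_require_ip_spec(spec):
    """Turn one `Require ip` argument into an ipaddress network object."""
    if ":" in spec or "/" in spec:
        # IPv6 address or prefix, IPv4 network/netmask pair, or IPv4 CIDR.
        # A bare IPv6 address becomes a /128, i.e. exactly one host.
        # strict=False: host bits are masked off in this model.
        return ipaddress.ip_network(spec, strict=False)
    # Full or partial IPv4 address: 1 to 4 leading octets.
    octets = spec.split(".")
    if not 1 <= len(octets) <= 4:
        raise ValueError(f"not an IPv4 address or partial address: {spec!r}")
    values = []
    for octet in octets:
        if not octet.isdigit() or int(octet) > 255:
            raise ValueError(f"bad octet {octet!r} in {spec!r}")
        values.append(int(octet))
    prefix_len = 8 * len(values)           # "123.123.123" -> /24
    values += [0] * (4 - len(values))      # pad to a dotted quad
    dotted = ".".join(str(v) for v in values)
    return ipaddress.ip_network(f"{dotted}/{prefix_len}")


def lint_require_ip_line(line):
    """Return (networks, problems) for one configuration line."""
    words = line.strip().split()
    if len(words) < 2 or words[0].lower() != "require" or words[1] != "ip":
        return [], []                      # blank, comment, or other directive
    specs = words[2:]
    if not specs:
        return [], ["Require ip without an address"]
    if any("#" in word for word in specs):
        # The httpd docs quoted in the thread: comments may not share a line
        # with a configuration directive.
        return [], ["comment on the same line as the directive"]
    networks, problems = [], []
    for spec in specs:
        try:
            networks.append(parse_require_ip_spec(spec))
        except ValueError as exc:
            problems.append(str(exc))
    return networks, problems


def client_allowed(client, config_text):
    """True if any `Require ip` network in config_text contains client."""
    addr = ipaddress.ip_address(client)
    for line in config_text.splitlines():
        networks, problems = lint_require_ip_line(line)
        if problems:
            raise ValueError(f"{line.strip()!r}: {problems[0]}")
        for net in networks:
            if addr.version == net.version and addr in net:
                return True
    return False


if __name__ == "__main__":
    for spec in ("123.123.123", "123.123.123.0/255.255.255.0",
                 "123.123.123.0/24", "2a02:4126:2aa4::",
                 "2a02:4126:2aa4::/48"):
        net = parse_require_ip_spec(spec)
        print(f"{spec:30} -> {net} ({net.num_addresses} addresses)")
    for client in ("123.123.123.200", "123.123.124.1", "2a02:4126:2aa4:9::1"):
        verdict = "allowed" if client_allowed(client, SAMPLE_CONFIG) else "denied"
        print(f"{client:30} {verdict}")
    print(lint_require_ip_line("Require ip 192.168.100.0/22 #localnetwork"))
```

On a real server, `apachectl configtest` (or `httpd -t`) remains the authoritative syntax check before a restart.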
Your Answer
StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);
StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);
else
createEditor();
);
function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
autoActivateHeartbeat: false,
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);
);
Sign up or log in
StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);
Sign up using Google
Sign up using Facebook
Sign up using Email and Password
Post as a guest
Required, but never shown
StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f682490%2fhow-do-i-require-an-ip-range-instead-of-1-ip%23new-answer', 'question_page');
);
Post as a guest
Required, but never shown
5 Answers
5
active
oldest
votes
5 Answers
5
active
oldest
votes
active
oldest
votes
active
oldest
votes
Firstly, I'm going to assume you mean Apache 2.4 despite the "apache-2.2" tag since the syntax you've posted is from 2.4.
From the Apache documentation:
ip.address is an IP address, a partial IP address, a network/netmask pair, or a
network/nnn CIDR specification.
I assume you mean you wish to allow a /24 since Class D is Multicast addresses, and classful networking died in the 90's. To allow a /24, you can use any of the following:
Require ip 123.123.123
Require ip 123.123.123.0/255.255.255.0
Require ip 123.123.123.0/24
Personally, I find the last to be less ambiguous than the first, and easier to read than the second.
You may find this section of the documentation useful: http://httpd.apache.org/docs/2.4/howto/access.html#host
So this won't work on Apache 2.2? phpMyAdmin works on both 2.2 and 2.4 and I just checked to see what this server was running and it's 2.2
– user281497
Apr 14 '15 at 4:29
Unless something has been backported to enable it, I've never seen that syntax in 2.2 config files.
– fukawi2
Apr 14 '15 at 5:56
@fukawi2 - Yes, you are of course correct. For user281497: WhileRequire
has limited support in Apache 2.2, Apache 2.2 does not support eitherRequire ip
or<RequireAny>
. As noted in the Overview of new features in Apache HTTP Server 2.4, "Advanced authorization logic may now be specified using theRequire
directive and the related container directives, such as<RequireAll>
." The former are among those improvements added to Apache 2.4.
– Colt
May 25 '16 at 3:34
add a comment |
Firstly, I'm going to assume you mean Apache 2.4 despite the "apache-2.2" tag since the syntax you've posted is from 2.4.
From the Apache documentation:
ip.address is an IP address, a partial IP address, a network/netmask pair, or a
network/nnn CIDR specification.
I assume you mean you wish to allow a /24 since Class D is Multicast addresses, and classful networking died in the 90's. To allow a /24, you can use any of the following:
Require ip 123.123.123
Require ip 123.123.123.0/255.255.255.0
Require ip 123.123.123.0/24
Personally, I find the last to be less ambiguous than the first, and easier to read than the second.
You may find this section of the documentation useful: http://httpd.apache.org/docs/2.4/howto/access.html#host
So this won't work on Apache 2.2? phpMyAdmin works on both 2.2 and 2.4 and I just checked to see what this server was running and it's 2.2
– user281497
Apr 14 '15 at 4:29
Unless something has been backported to enable it, I've never seen that syntax in 2.2 config files.
– fukawi2
Apr 14 '15 at 5:56
@fukawi2 - Yes, you are of course correct. For user281497: WhileRequire
has limited support in Apache 2.2, Apache 2.2 does not support eitherRequire ip
or<RequireAny>
. As noted in the Overview of new features in Apache HTTP Server 2.4, "Advanced authorization logic may now be specified using theRequire
directive and the related container directives, such as<RequireAll>
." The former are among those improvements added to Apache 2.4.
– Colt
May 25 '16 at 3:34
add a comment |
Firstly, I'm going to assume you mean Apache 2.4 despite the "apache-2.2" tag since the syntax you've posted is from 2.4.
From the Apache documentation:
ip.address is an IP address, a partial IP address, a network/netmask pair, or a
network/nnn CIDR specification.
I assume you mean you wish to allow a /24 since Class D is Multicast addresses, and classful networking died in the 90's. To allow a /24, you can use any of the following:
Require ip 123.123.123
Require ip 123.123.123.0/255.255.255.0
Require ip 123.123.123.0/24
Personally, I find the last to be less ambiguous than the first, and easier to read than the second.
You may find this section of the documentation useful: http://httpd.apache.org/docs/2.4/howto/access.html#host
Firstly, I'm going to assume you mean Apache 2.4 despite the "apache-2.2" tag since the syntax you've posted is from 2.4.
From the Apache documentation:
ip.address is an IP address, a partial IP address, a network/netmask pair, or a
network/nnn CIDR specification.
I assume you mean you wish to allow a /24 since Class D is Multicast addresses, and classful networking died in the 90's. To allow a /24, you can use any of the following:
Require ip 123.123.123
Require ip 123.123.123.0/255.255.255.0
Require ip 123.123.123.0/24
Personally, I find the last to be less ambiguous than the first, and easier to read than the second.
You may find this section of the documentation useful: http://httpd.apache.org/docs/2.4/howto/access.html#host
answered Apr 14 '15 at 4:13
fukawi2fukawi2
4,38731846
4,38731846
So this won't work on Apache 2.2? phpMyAdmin works on both 2.2 and 2.4 and I just checked to see what this server was running and it's 2.2
– user281497
Apr 14 '15 at 4:29
Unless something has been backported to enable it, I've never seen that syntax in 2.2 config files.
– fukawi2
Apr 14 '15 at 5:56
@fukawi2 - Yes, you are of course correct. For user281497: WhileRequire
has limited support in Apache 2.2, Apache 2.2 does not support eitherRequire ip
or<RequireAny>
. As noted in the Overview of new features in Apache HTTP Server 2.4, "Advanced authorization logic may now be specified using theRequire
directive and the related container directives, such as<RequireAll>
." The former are among those improvements added to Apache 2.4.
– Colt
May 25 '16 at 3:34
add a comment |
So this won't work on Apache 2.2? phpMyAdmin works on both 2.2 and 2.4 and I just checked to see what this server was running and it's 2.2
– user281497
Apr 14 '15 at 4:29
Unless something has been backported to enable it, I've never seen that syntax in 2.2 config files.
– fukawi2
Apr 14 '15 at 5:56
@fukawi2 - Yes, you are of course correct. For user281497: WhileRequire
has limited support in Apache 2.2, Apache 2.2 does not support eitherRequire ip
or<RequireAny>
. As noted in the Overview of new features in Apache HTTP Server 2.4, "Advanced authorization logic may now be specified using theRequire
directive and the related container directives, such as<RequireAll>
." The former are among those improvements added to Apache 2.4.
– Colt
May 25 '16 at 3:34
So this won't work on Apache 2.2? phpMyAdmin works on both 2.2 and 2.4 and I just checked to see what this server was running and it's 2.2
– user281497
Apr 14 '15 at 4:29
So this won't work on Apache 2.2? phpMyAdmin works on both 2.2 and 2.4 and I just checked to see what this server was running and it's 2.2
– user281497
Apr 14 '15 at 4:29
Unless something has been backported to enable it, I've never seen that syntax in 2.2 config files.
– fukawi2
Apr 14 '15 at 5:56
Unless something has been backported to enable it, I've never seen that syntax in 2.2 config files.
– fukawi2
Apr 14 '15 at 5:56
@fukawi2 - Yes, you are of course correct. For user281497: While
Require
has limited support in Apache 2.2, Apache 2.2 does not support either Require ip
or <RequireAny>
. As noted in the Overview of new features in Apache HTTP Server 2.4, "Advanced authorization logic may now be specified using the Require
directive and the related container directives, such as <RequireAll>
." The former are among those improvements added to Apache 2.4.– Colt
May 25 '16 at 3:34
@fukawi2 - Yes, you are of course correct. For user281497: While
Require
has limited support in Apache 2.2, Apache 2.2 does not support either Require ip
or <RequireAny>
. As noted in the Overview of new features in Apache HTTP Server 2.4, "Advanced authorization logic may now be specified using the Require
directive and the related container directives, such as <RequireAll>
." The former are among those improvements added to Apache 2.4.– Colt
May 25 '16 at 3:34
add a comment |
In Apache 2.2 and below, you could work with:
Order deny,allow
Deny from all
Allow from 24.18 # allow access from home
Allow from 162.12 # allow access from work
in your .htacess, directly on base level (not within any <directive>
).
As of Apache 2.4 and above, here you go:
<RequireAny>
#IPv4 range at my work
Require ip 207.100
#IPv4 range I usually get through my mobile provider
Require ip 29.11
#IPv6 from home
Require ip 2a02:4126:2aa4::/48
</RequireAny>
(all numbers fictional, no worries ;-).
I am using this for many years now, to shield my backend folders against 99% of potential users. (Working very well, unless you are an avid blogger while travelling. If you are a gmail user: “last account activity” Link at the very bottom is a comfy way to figure out your own “IP habbits”).
What's the difference betweenRequire ip 2a02:4126:2aa4::/48
andRequire ip 2a02:4126:2aa4::
? Both don't produce syntax errors for me, but only the former works.
– Geremia
Sep 22 '17 at 0:30
Is it because 2a02:4126:2aa4:: = 2a02:4126:2aa4:0000:0000:0000:0000:0000, whereas 2a02:4126:2aa4::/48 matches all addresses that begin with 2a02:4126:2aa4?
– Geremia
Sep 22 '17 at 2:10
add a comment |
In Apache 2.2 and below, you could work with:
Order deny,allow
Deny from all
Allow from 24.18 # allow access from home
Allow from 162.12 # allow access from work
in your .htacess, directly on base level (not within any <directive>
).
As of Apache 2.4 and above, here you go:
<RequireAny>
#IPv4 range at my work
Require ip 207.100
#IPv4 range I usually get through my mobile provider
Require ip 29.11
#IPv6 from home
Require ip 2a02:4126:2aa4::/48
</RequireAny>
(all numbers fictional, no worries ;-).
I am using this for many years now, to shield my backend folders against 99% of potential users. (Working very well, unless you are an avid blogger while travelling. If you are a gmail user: “last account activity” Link at the very bottom is a comfy way to figure out your own “IP habbits”).
What's the difference betweenRequire ip 2a02:4126:2aa4::/48
andRequire ip 2a02:4126:2aa4::
? Both don't produce syntax errors for me, but only the former works.
– Geremia
Sep 22 '17 at 0:30
Is it because 2a02:4126:2aa4:: = 2a02:4126:2aa4:0000:0000:0000:0000:0000, whereas 2a02:4126:2aa4::/48 matches all addresses that begin with 2a02:4126:2aa4?
– Geremia
Sep 22 '17 at 2:10
add a comment |
In Apache 2.2 and below, you could work with:
Order deny,allow
Deny from all
Allow from 24.18 # allow access from home
Allow from 162.12 # allow access from work
in your .htacess, directly on base level (not within any <directive>
).
As of Apache 2.4 and above, here you go:
<RequireAny>
#IPv4 range at my work
Require ip 207.100
#IPv4 range I usually get through my mobile provider
Require ip 29.11
#IPv6 from home
Require ip 2a02:4126:2aa4::/48
</RequireAny>
(all numbers fictional, no worries ;-).
I am using this for many years now, to shield my backend folders against 99% of potential users. (Working very well, unless you are an avid blogger while travelling. If you are a gmail user: “last account activity” Link at the very bottom is a comfy way to figure out your own “IP habbits”).
In Apache 2.2 and below, you could work with:
Order deny,allow
Deny from all
Allow from 24.18 # allow access from home
Allow from 162.12 # allow access from work
in your .htacess, directly on base level (not within any <directive>
).
As of Apache 2.4 and above, here you go:
<RequireAny>
#IPv4 range at my work
Require ip 207.100
#IPv4 range I usually get through my mobile provider
Require ip 29.11
#IPv6 from home
Require ip 2a02:4126:2aa4::/48
</RequireAny>
(all numbers fictional, no worries ;-).
I am using this for many years now, to shield my backend folders against 99% of potential users. (Working very well, unless you are an avid blogger while travelling. If you are a gmail user: “last account activity” Link at the very bottom is a comfy way to figure out your own “IP habbits”).
answered Mar 7 '17 at 9:55
Frank NockeFrank Nocke
371413
371413
What's the difference betweenRequire ip 2a02:4126:2aa4::/48
andRequire ip 2a02:4126:2aa4::
? Both don't produce syntax errors for me, but only the former works.
– Geremia
Sep 22 '17 at 0:30
Is it because 2a02:4126:2aa4:: = 2a02:4126:2aa4:0000:0000:0000:0000:0000, whereas 2a02:4126:2aa4::/48 matches all addresses that begin with 2a02:4126:2aa4?
– Geremia
Sep 22 '17 at 2:10
add a comment |
What's the difference betweenRequire ip 2a02:4126:2aa4::/48
andRequire ip 2a02:4126:2aa4::
? Both don't produce syntax errors for me, but only the former works.
– Geremia
Sep 22 '17 at 0:30
Is it because 2a02:4126:2aa4:: = 2a02:4126:2aa4:0000:0000:0000:0000:0000, whereas 2a02:4126:2aa4::/48 matches all addresses that begin with 2a02:4126:2aa4?
– Geremia
Sep 22 '17 at 2:10
What's the difference between
Require ip 2a02:4126:2aa4::/48
and Require ip 2a02:4126:2aa4::
? Both don't produce syntax errors for me, but only the former works.– Geremia
Sep 22 '17 at 0:30
What's the difference between
Require ip 2a02:4126:2aa4::/48
and Require ip 2a02:4126:2aa4::
? Both don't produce syntax errors for me, but only the former works.– Geremia
Sep 22 '17 at 0:30
Is it because 2a02:4126:2aa4:: = 2a02:4126:2aa4:0000:0000:0000:0000:0000, whereas 2a02:4126:2aa4::/48 matches all addresses that begin with 2a02:4126:2aa4?
– Geremia
Sep 22 '17 at 2:10
Is it because 2a02:4126:2aa4:: = 2a02:4126:2aa4:0000:0000:0000:0000:0000, whereas 2a02:4126:2aa4::/48 matches all addresses that begin with 2a02:4126:2aa4?
– Geremia
Sep 22 '17 at 2:10
add a comment |
Noting that you have now confirmed using Apache 2.2, Apache 2.2 does not support either Require ip
or <RequireAny>
. As noted in the Overview of new features in Apache HTTP Server 2.4, "Advanced authorization logic may now be specified using the Require
directive and the related container directives, such as <RequireAll>
." The former are among those improvements added to Apache 2.4.
To deal with this in Apache 2.2, you will probably need to do something like:
Order allow,deny
Allow from 123.123.123
which will get the whole range specified.
add a comment |
Noting that you have now confirmed using Apache 2.2, Apache 2.2 does not support either Require ip
or <RequireAny>
. As noted in the Overview of new features in Apache HTTP Server 2.4, "Advanced authorization logic may now be specified using the Require
directive and the related container directives, such as <RequireAll>
." The former are among those improvements added to Apache 2.4.
To deal with this in Apache 2.2, you will probably need to do something like:
Order allow,deny
Allow from 123.123.123
which will get the whole range specified.
add a comment |
Noting that you have now confirmed using Apache 2.2, Apache 2.2 does not support either Require ip
or <RequireAny>
. As noted in the Overview of new features in Apache HTTP Server 2.4, "Advanced authorization logic may now be specified using the Require
directive and the related container directives, such as <RequireAll>
." The former are among those improvements added to Apache 2.4.
To deal with this in Apache 2.2, you will probably need to do something like:
Order allow,deny
Allow from 123.123.123
which will get the whole range specified.
Noting that you have now confirmed using Apache 2.2, Apache 2.2 does not support either Require ip
or <RequireAny>
. As noted in the Overview of new features in Apache HTTP Server 2.4, "Advanced authorization logic may now be specified using the Require
directive and the related container directives, such as <RequireAll>
." The former are among those improvements added to Apache 2.4.
To deal with this in Apache 2.2, you will probably need to do something like:
Order allow,deny
Allow from 123.123.123
which will get the whole range specified.
edited Apr 13 '17 at 12:14
Community♦
1
1
answered May 25 '16 at 3:40
ColtColt
1,52951320
1,52951320
add a comment |
add a comment |
Apache's Require directive is used during the authorization phase to ensure that a user is allowed or denied access to a resource. mod_authz_host extends the authorization types with ip, host, forward-dns and local. Other authorization types may also be used but may require that additional authorization modules be loaded.
These authorization providers affect which hosts can access an area of the server. Access can be controlled by hostname, IP Address, or IP Address range.
Since v2.4.8, expressions are supported within the host require directives.
Require ip
The ip provider allows access to the server to be controlled based on the IP address of the remote client. When Require ip ip-address is specified, then the request is allowed access if the IP address matches.
A full IP address:
Require ip 10.1.2.3
Require ip 192.168.1.104 192.168.1.205
An IP address of a host allowed access
A partial IP address:
Require ip 10.1
Require ip 10 172.20 192.168.2
The first 1 to 3 bytes of an IP address, for subnet restriction.
A network/netmask pair:
Require ip 10.1.0.0/255.255.0.0
A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction.
A network/nnn CIDR specification:
Require ip 10.1.0.0/16
Similar to the previous case, except the netmask consists of nnn high-order 1 bits.
Note that the last three examples above match exactly the same set of hosts.
IPv6 addresses and IPv6 subnets can be specified as shown below:
Require ip 2001:db8::a00:20ff:fea7:ccea
Require ip 2001:db8:1:1::a
Require ip 2001:db8:2:1::/64
Require ip 2001:db8:3::/48
Note: As the IP addresses are parsed on startup, expressions are not evaluated at request time.
Source: https://httpd.apache.org/docs/trunk/mod/mod_authz_host.html
5
Please don't just copy&paste other peoples work. This is called plagiarism.
– Gerald Schneider
Jan 21 '17 at 7:15
add a comment |
Apache's Require directive is used during the authorization phase to ensure that a user is allowed or denied access to a resource. mod_authz_host extends the authorization types with ip, host, forward-dns and local. Other authorization types may also be used but may require that additional authorization modules be loaded.
These authorization providers affect which hosts can access an area of the server. Access can be controlled by hostname, IP Address, or IP Address range.
Since v2.4.8, expressions are supported within the host require directives.
Require ip
The ip provider allows access to the server to be controlled based on the IP address of the remote client. When Require ip ip-address is specified, then the request is allowed access if the IP address matches.
A full IP address:
Require ip 10.1.2.3
Require ip 192.168.1.104 192.168.1.205
An IP address of a host allowed access
A partial IP address:
Require ip 10.1
Require ip 10 172.20 192.168.2
The first 1 to 3 bytes of an IP address, for subnet restriction.
A network/netmask pair:
Require ip 10.1.0.0/255.255.0.0
A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction.
A network/nnn CIDR specification:
Require ip 10.1.0.0/16
Similar to the previous case, except the netmask consists of nnn high-order 1 bits.
Note that the last three examples above match exactly the same set of hosts.
IPv6 addresses and IPv6 subnets can be specified as shown below:
Require ip 2001:db8::a00:20ff:fea7:ccea
Require ip 2001:db8:1:1::a
Require ip 2001:db8:2:1::/64
Require ip 2001:db8:3::/48
Note: As the IP addresses are parsed on startup, expressions are not evaluated at request time.
Source: https://httpd.apache.org/docs/trunk/mod/mod_authz_host.html
5
Please don't just copy&paste other peoples work. This is called plagiarism.
– Gerald Schneider
Jan 21 '17 at 7:15
add a comment |
edited May 11 '18 at 5:02
BlueCacti
answered Jan 21 '17 at 6:19
mohsen nazari
Note: I am leaving this here as others might benefit from it; it is not a direct answer to the question.
For example:
Require ip 192.168.100.0/22
works, while
Require ip 192.168.100.0/22 #localnetwork
fails!
Restarting httpd outputs:
Job for httpd.service failed because the control process exited with error code. See "systemctl status httpd.service" and "journalctl -xe" for details.
So, it seems that no comments are allowed on that line.
1
Comments are not allowed anywhere inside a configuration line, see httpd.apache.org/docs/2.4/configuring.html: "Lines that begin with the hash character "#" are considered comments, and are ignored. Comments may not be included on the same line as a configuration directive."
– Patrick Mevzek
Apr 3 at 19:04
answered Apr 3 at 18:31
Sorin Negulescu
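The address forms quoted in the first answer and the trailing-comment failure reported in the second can be checked together before a restart. The following is an added Python example, not code from either answer or from the Apache project: `parse_arg`, `lint` and the sample config are constructed for illustration, and the check only approximates httpd's own parser, so `apachectl configtest` remains the authoritative test.

```python
import ipaddress
import re

# One to three dotted octets, e.g. "10", "10.1", "192.168.2" (partial IPv4 form).
PARTIAL_V4 = re.compile(r"^\d{1,3}(\.\d{1,3}){0,2}$")

# Constructed sample input, built from the forms quoted in the answers above.
SAMPLE = """\
# office ranges
Require ip 10.1
Require ip 10.1.0.0/255.255.0.0
Require ip 10.1.0.0/16
Require ip 2001:db8:2:1::/64
Require ip 192.168.100.0/22 #localnetwork
"""

def parse_arg(token):
    """Return the network covered by one 'Require ip' argument (ValueError if unparsable)."""
    if PARTIAL_V4.match(token):
        octets = token.split(".")
        padded = ".".join(octets + ["0"] * (4 - len(octets)))
        token = f"{padded}/{8 * len(octets)}"
    # strict=False masks stray host bits instead of rejecting them (a choice made for this example).
    return ipaddress.ip_network(token, strict=False)

def lint(config_text):
    """Return [(line_number, [networks], [problems])] for each 'Require ip' line."""
    results = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        words = raw.split()
        if [w.lower() for w in words[:2]] != ["require", "ip"]:
            continue  # other directives and whole-line comments are out of scope
        networks, problems = [], []
        for token in words[2:]:
            if token.startswith("#"):
                problems.append("trailing comment on a directive line; move it to its own line")
                break  # everything after '#' was meant as comment text
            try:
                networks.append(parse_arg(token))
            except ValueError:
                problems.append(f"{token!r} is not a form this check recognises")
        results.append((lineno, networks, problems))
    return results

if __name__ == "__main__":
    for lineno, networks, problems in lint(SAMPLE):
        nets = ", ".join(str(n) for n in networks)
        print(f"line {lineno}: {nets or '-'}  {'; '.join(problems) or 'ok'}")
```

Comparing the normalised networks also makes an allowlist easier to review: a range that is wider than intended shows up as a short prefix length.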