To allow only certain IP addresses to access a directory, you can leverage various methods depending on the web server you are using. Below, I’ll describe the steps for both Apache HTTP Server and Nginx, which are two of the most commonly used web servers.

1. Apache HTTP Server

To restrict access in an Apache server, you use the `.htaccess` file or the main configuration file (`httpd.conf`). Here’s how to do it using `.htaccess`:

1. .htaccess File Configuration:

Create or edit a `.htaccess` file in the directory you want to protect. Add the following lines to this file: \`\`\`plaintext Order Deny,Allow Deny from all Allow from 192.168.1.100 Allow from 203.0.113.50 \`\`\` In this example, all IP addresses are denied except `192.168.1.100` and `203.0.113.50`. Replace these with the IP addresses you want to allow.

1. Main Configuration File (httpd.conf) Configuration:

Alternatively, you can set similar rules in the main Apache configuration file: \`\`\`plaintext Require ip 192.168.1.100 Require ip 203.0.113.50 \`\`\` This method might be preferable for more complex configurations or for securing directories server-wide.

1. Nginx

For Nginx, you can use the `allow` and `deny` directives to achieve the same result. Here’s how you can configure it:

1. Nginx Configuration File:

Add the following configuration to your server block in `/etc/nginx/nginx.conf` or the specific virtual host file: \`\`\`plaintext location /path/to/directory { deny all; allow 192.168.1.100; allow 203.0.113.50; } \`\`\` This configuration denies access to all IP addresses except for `192.168.1.100` and `203.0.113.50`.

1. Example for Multiple Directories:

If you need to restrict access to multiple directories, you can add multiple location blocks: \`\`\`plaintext location /secure1 { deny all; allow 192.168.1.100; allow 203.0.113.50; } location /secure2 { deny all; allow 192.168.1.200; allow 203.0.113.80; } \`\`\`

1. Sources

1. Apache Documentation: The official Apache HTTP Server documentation is comprehensive and provides extensive details on access control through “.htaccess” and main configuration files.
- [Apache .htaccess Tutorial](https://httpd.apache.org/docs/2.4/howto/htaccess.html)
- [Apache Require Directive](https://httpd.apache.org/docs/2.4/mod/mod_authz_core.html#require)

1. Nginx Documentation: The official Nginx documentation explains the `allow` and `deny` directives for controlling access at various levels.
- [Nginx Access Control](https://docs.nginx.com/nginx/admin-guide/security-controls/controlling-access-proxied-http/)

1. Conclusion

Configuring access controls based on IP addresses can significantly enhance the security of your web directories, ensuring that only authorized users have access. Both Apache and Nginx offer straightforward methods to implement these controls through their respective configuration files. Whether editing the `.htaccess` in Apache or adding rules within the Nginx server block, the principles remain the same: first deny all and then allow specific IP addresses. By following the instructions and referencing the official documentation, you can set up a robust access control mechanism for your web server.

DinoGeek offers simple articles on complex technologies

Would you like to be quoted in this article? It's very simple, contact us at dino@eiki.fr

CSS | NodeJS | DNS | DMARC | MAPI | NNTP | htaccess | PHP | HTTPS | Drupal | WEB3 | LLM | Wordpress | TLD | Domain name | IMAP | TCP | NFT | MariaDB | FTP | Zigbee | NMAP | SNMP | SEO | E-Mail | LXC | HTTP | MangoDB | SFTP | RAG | SSH | HTML | ChatGPT API | OSPF | JavaScript | Docker | OpenVZ | ChatGPT | VPS | ZIMBRA | SPF | UDP | Joomla | IPV6 | BGP | Django | Reactjs | DKIM | VMWare | RSYNC | Python | TFTP | Webdav | FAAS | Apache | IPV4 | LDAP | POP3 | SMTP