Articles in this section

See more

How to allow access to a website directory from specific IP address only?

Avatar
Maxim Krasikov
Updated
Follow

Applicable to:

  • Plesk Onyx for Linux

Question

How to allow access to a website directory from specific IP address only?

Answer

Using Plesk GUI

  • If Reverse Proxy Server (nginx) is enabled in Tools & Settings > Services Management:

    1. Log into Plesk.

    2. Open Domains > example.com > Apache & nginx Settings.

    3. Add the following in Additional nginx directives section, where 203.0.113.2 - IP address from which access to a directory should be allowed.:

      CONFIG_TEXT: location ^~ /exampledirectory {
      allow 203.0.113.2;
      deny all;
      }

  • If Reverse Proxy Server (nginx) is enabled in Tools & Settings > Services Management and PHP handled by nginx in Domains > example.com > PHP Settings, where 203.0.113.2 - IP address from which access to a directory should be allowed:

    1. Log into Plesk.

    2. Open Domains > example.com > Apache & nginx Settings.

    3. Add the following in Additional nginx directives section:

      CONFIG_TEXT: location / {
      try_files $uri $uri/ /index.php;
      }
      location ^~ /exampledirectory {
      allow 203.0.113.2;
      deny all; location /exampledirectory/ {
      index index.php; }
      location ~ ^/~(.+?)(/.?.php)(/.)?$ { alias /var/www/vhosts/example.com/web_users/$1/$2;
      fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
      fastcgi_param PATH_INFO $fastcgi_path_info;
      fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
      include /etc/nginx/fastcgi.conf;
      }
      location ~ .php(/.*)?$ {
      fastcgi_split_path_info ^((?U).+.php)(/?.+)$;
      fastcgi_param PATH_INFO $fastcgi_path_info;
      fastcgi_pass "unix:///var/www/vhosts/system/example.com/php-fpm.sock";
      include /etc/nginx/fastcgi.conf;
      }
      }

  • If Reverse Proxy Server (nginx) is disabled in Tools & Settings > Services Management

    1. Log into Plesk.

    2. Open Domains > example.com > Apache & nginx Settings, where 203.0.113.2 - IP address from which access to a directory should be allowed.

    3. Add the following to Additional Apache directives section:

      CONFIG_TEXT: <Location "/exampledirectory">
      Order Deny,Allow
      Deny from all
      Allow from 203.0.113.2
      </Location>

Directly on the server

  1. Connect to the server via SSH.

  2. Find what version of Apache Web Server is installed on the server:

    • for CentOS/RHEL-based distributions:

      # httpd -v | grep version
      Server version: Apache/2.2.15 (Unix)

    • for Debian/Ubuntu-based distributions:

      # apache2 -v | grep version
      Server version: Apache/2.4.18 (Ubuntu)

  3. Check that "authz_host_module" is installed and enabled:

    • for CentOS/RHEL-based distributions:

      # httpd -M | grep 'authz_host_module'
      authz_host_module (shared)

    • for Debian/Ubuntu-based distributions:

      # apache2ctl -M | grep 'authz_host'
      authz_host_module (shared)

  4. Create ".htaccess" file in the directory where access should be restricted, for example /var/www/vhosts/example.com/httpdocs/exampledirectory/.htaccess using a text editor and add the following content:

    • For Apache Web Server version lesser than 2.4:

      CONFIG_TEXT: Order Deny,Allow
      Deny from all
      Allow from 203.0.113.2
      Allow from 203.0.113.3

    • For Apache Web Server 2.4 and greater:

      CONFIG_TEXT: <IfModule mod_authz_host.c>
      <RequireAny>
      Require ip 203.0.113.2
      Require ip 203.0.113.3
      </RequireAny>
      </IfModule>

    Note: make sure that you add correct IP address to the allow list. The actual IP address you are using to access the site from, can be seen at https://ifconfig.co/

Comments

0 comments

Please sign in to leave a comment.

Have more questions? Submit a request

Related articles