Apache htaccess Allow from Dynamic IP Address
Apache web server access control via htaccess, to allow authorized access to web pages.
The Apache directive Allow from make it possible to exclude a specific IP from the login prompt. Unfortunately, it is not possible to pass host names and FQDN. The following script reads the Dynamic IP of a hostname and add them into the file htaccess.
The following shell script resolve the IP address and write them into the htaccess file. Insert the following lines out from console with copy & paste, so that the script file is created.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
cat << EOF > ./allow_myhost.sh #!/bin/sh htpath="/var/www/blog/" grep -lr "#DDNS" $htpath | while read i; do sed -i '/#DDNS-IP$/d' $i grep -i "#DDNS$" $i | while read j; do words=( $j ) ddns="${words[2]}" ip="$(host $ddns)" if [ "$ip" == "${ip%% has address *}" ]; then continue; fi ip="${ip##* has address }" sed -i 's/^\('"$j"'\)$/\1\nAllow from '"$ip"' #DDNS-IP/' $i done done EOF |
Copy Paste
The script here on a CentOS host rewrites the htaccess file. The line Allow from with the tag #DDNS reads the host name, and the host’s resolved IP is written on the next line with the tag #DDNS-IP. The path variable htpath can be DocumentRoot or a subdirectory, whereby the script edits all occurring .htaccess files recursively from htpath.
The file htaccess is stored in the web directory to be protected. Using cd to switch to the desired directory and insert the following lines will copy & paste out from the console, this generates the file .htaccess.
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
cat << EOF > .htaccess AuthName "A Blog" AuthType Basic AuthUserFile /home/jonny/.htpasswd AuthGroupFile /dev/null Order deny,allow Deny from all require valid-user Allow from myhome.dyndns.org #DDNS Allow from 123.123.123.123 #DDNS-IP Satisfy Any EOF |
Copy Paste
The rows with #DDNS and #DDNS-IP (#) use to tagging.
The script has yet to be made executable.
|
1 2 |
chmod 755 allow_myhost.sh |
Keep the dynamic IP resolution up to date with crontab -e to create a cron job.
|
1 2 |
*/5 * * root /home/jonny/allow_myhome.sh >/dev/null 2>&1 |
Older Linux need to restart the cron daemon to the cron job come active.
|
1 2 |
service crond restart |
Note. Apache 2.4 directive Require
Apache 2.x directive Allow from
Apache 2.x mod_access_compat
|
1 2 3 |
Order deny,allow Deny from all |
Apache 2.4 mod_authz_host
|
1 2 |
Require all denied |
The directives Allow Deny provided by mod_access_compat are deprecated and will no longer be supported in the future release. It is recommended to use the new directives.
