Saturday, January 29, 2011

Make website accessible from one ip only

We have about 15 computers with the same ip. We only want the site to be accessible inside our house.

On each page i have this code: 

if ($_SERVER['REMOTE_ADDR'] == 'our ip') {
  content
}

its works but i was just wondering if theres a more elegant,smarter way?

We use WAMP.

From serverfault $pageUsers[$entry.posts[0].author].name

  • if ($_SERVER['REMOTE_ADDR'] <> 'our ip') { die(); }

    // If it is your ip, content will go here

    I don't think if there is any other way.

    : you would have to put that on every php page that serves up a page.
    : And he said he's already doing this and doesn't want to.
    ceejayoz : No other way? A couple lines in the Apache config and he's set.
    From $pageUsers[$post.author].name

  • If you're familiar with CIDR values, its rather simple to deny access to ranges of ip addresses in the .htaccess file. See this form post.

    From

  • We have about 15 computers with the same ip.

    That sounds crazy! I hope it's not really true, or that they're on the same network but have differing IP addresses.

    To make sure your site is accessible from in-house, the best thing to do is to put a firewall on your outside-network-facing host.

    Your solution will work reasonably, though. There are also things you can configure in Apache to bring about the same effect without needing to mess with it in your source code, but I'm not knowledgeable about those techniques.

    From $pageUsers[$post.author].name

  • If it is your own machine I would setup a firewall correctly to only allow connections to port *:80 from this specific IP.

    From Felix

  • You can use Apache's httpd.conf or .htaccess files to configure this on a site-wide or folder-wide basis.

    Order Deny,Allow
Deny from all
Allow from xxx.xxx.xxx.xxx
    From ceejayoz

  • Since you have 15 computers on an internal network you are using NAT and have a router as the gateway to the Internet. The IP that the web server is running is a non-routable IP address (i.e. 192.168.x.x), so unless you configure port forwarding on your router, traffic from the outside should not reach the web server.
    Since security is a concern you could also set up a firewall on the Windows server that only allows traffic from the local networks subnet.
    ceejayoz's suggestion will keep traffic off the Apache server but still allow access to the physical box. If you really want to lock things down then I would implement the suggested configuration in the httpd.conf.

    From bkoch
Posted by Ku XI at 5:34 PM

0 comments:

Post a Comment

Subscribe to: Post Comments (Atom)