0

I have this .htaccess file (this was the one that came with laravel. The only changes I made were to force https in the URL and the code shown below:

 <IfModule mod_rewrite.c>
     <IfModule mod_negotiation.c>
         Options -MultiViews -Indexes
     </IfModule>

    ...

     RewriteEngine On

    ...

     # This block works perfectly
      RewriteCond %{REQUEST_URI} ^(/phpmyadmin.*)$
      RewriteCond %{REMOTE_ADDR} !^xxx\.xxx\.xxx\.xxx$
      RewriteRule ^(.*)$ /404 [R=301,L]

      # This block doesnt
      RewriteCond %{REQUEST_URI} ^(/processor.*)$
      RewriteCond %{REMOTE_ADDR} !^xxx\.xxx\.xxx\.xxx$
      RewriteRule ^(.*)$ /404 [R=301,L]

 </IfModule>

What I want to achieve is that some of my pages are IP locked. I have achieved this with the first block above.

The second block does not work on blocking all IP address except for the specified when it's EXACTLY the same. It's still accessible to the public.

stprysmqpwcuddakue
  • 3
  • 1

1 Answers1

0

You've put the "blocking" directives in the wrong place - they need to go before the Laravel front-controller (which you appear to have omitted) that presumably precedes these directives.

The first block "works" because URLs of the form /phpmyadmin are presumably mapping to physical files, whereas /processor URLs are not (ie. are "virtual"). You are presumably routing all "virtual" URLs through Laravel, so any mod_rewrite directives that follow are simply ignored. (?)

MrWhite
  • 11,643
  • 4
  • 25
  • 40
  • thank you, it's working now. I cannot express how much of a breather this is, I've been at it since yesterday even when I got home. Thank you for the explanation about the physical files and "virtual" URLs. But now it's not allowing access to the IP I specified. It seems to be blocking all entry. – stprysmqpwcuddakue May 05 '20 at 00:33
  • Nevermind, a quick httpd restart and cache clear did the trick. Thanks! – stprysmqpwcuddakue May 05 '20 at 00:35