Apache 2.4: Allow access to directory only for ip address range

Question

I want allow access to /htdocs/reserved/ directory only for ip addresses from 192.168.1.193 to 192.168.1.254 (.193 --> .254).

I have written this code in httpd.conf:

<Directory /htdocs/reserved/>
    Order Deny, Allow
    Deny from all
    Allow from 192.168.1.193/254
</Directory>

After stop, Apache won't restarts and raises this exception:

The Apache service named reported the following error: The specified network mask is invalid.

the problem seem the mask 192.168.1.193/254.

I have also tried:

<Directory /htdocs/reserved/>
    Order Deny, Allow
    Deny from all
    Allow from 192.168.1.193 192.168.1.254
</Directory>

it works! apache start, but i'm not sure if all ip addresses in the range are allowed to access to directory or only 192.168.1.193 and 192.168.1.254 are allowed.

The official docs lacks of clear information (or i'm too stupid to understand it).

The question is: what is the right way for allow a ip address range to access in a directory?

side note: i have used private range only for example.

Thanks at all and sorry for my english.

score 7 · Accepted Answer · answered Nov 09 '16 at 20:24

7

Your netmask is wrong. The closest you'll be able to do in a single line is 192.168.1.192/26. Note that that includes the address that ends in 192, not starting at 193. Otherwise, according to https://ip2cidr.com/, you need

192.168.1.193/32
192.168.1.194/31
192.168.1.196/30
192.168.1.200/29
192.168.1.208/28
192.168.1.224/28
192.168.1.240/29
192.168.1.248/30
192.168.1.252/31
192.168.1.254/32

answered Nov 09 '16 at 20:24

stdunbar

186
4

2

https://ip2cidr.com/ is exactly what i was looking for, thanks ! – Lucas Dec 18 '17 at 19:50

Apache 2.4: Allow access to directory only for ip address range

1 Answers1