Block Apache to outsiders using mod_rewrite

Most likely vulnerable to something (IP spoofing, anyone?), so use with a grain of salt and close your network instead.

Though I’m sure its rarely necessary, I’m going to post this bit of mod_rewrite magic that took me quite a while to sort out (this is the only syntax that would work for me). What it does is bounce (because I like being a smart-ass) any request made to Apache unless it is made from the local network (subnet/intranet access only). I figure there has to be a few Mac users sharing their ethernet connection over AirPort. Though I’m not certain that can be done with PPoE…

This has not been tested on a server accessible to outsiders, but I’ll do that before releasing Apache instructions in the final iTunesDSr package.

Open httpd.conf (in the Terminal, type sudo nano /etc/httpd/httpd.conf, press Return then enter you password at the prompt and press Return). Scroll down until you find:

# First, we configure the "default" to be a very restrictive set of
# permissions.
#

After those lines, paste this:
###################################################
###      Block server from outside traffic      ###
###################################################

RewriteEngine on
RewriteCond %{REMOTE_ADDR} !^10\.
RewriteRule ^/(.*) http://%{REMOTE_ADDR}/ [L,E=nolog:1]

###################################################

IMPORTANT: If your subnet IP prefix begins with anything other than 10. (one zero dot) be sure to change the RewriteCond line to reflect that.

Press Ctrl-x, then y, then Return and restart Apache.

Leave a Reply

Your email address will not be published. Required fields are marked *