Limiting Access To Apache's VirtualHosts To Local Network (LAN) Only

Posted: 2014-11-01 17:06:30

To only allow connections to websites from machines that are on your local network (LAN), while blocking everyone coming from the Internet, edit the website’s HTTP and SSL VirtualHost files and update the website’s <Directory> configuration…

From – All Access:

Options All

AllowOverride All

Order allow,deny
Allow from all

To – LAN Access Only:

Options All

# All directives except Limit directives (allow, deny, order)
AllowOverride AuthConfig FileInfo Indexes Options=All

Order deny,allow
Deny from all

Allow from localhost

# IPv4
Allow from       # IPv4 Loopback Addresses
Allow from    # IPv4 Link-local Addresses
Allow from        # IPv4 Normal LAN Address Space
Allow from     # IPv4 Normal LAN Address Space
Allow from    # IPv4 Normal LAN Address Space

# IPv6
# For Apache 2.4 and up only
<IfVersion >= 2.4>
Allow from ::1/128           # IPv6 Loopback Addresses
Allow from fe80::/10         # IPv6 Link-local Addresses
Allow from fc00::/7          # IPv6 Unique Local Addresses (LAN Space)	

Changing AllowOverride All to remove Limit directives (allow, deny, order) restricts further .htaccess files from overriding the above Allow from configuration.

To use the IfVersion directive this module should be loaded by Apache –

LoadModule version_module modules/

To use the allow, deny, and order directives on Apache 2.4 this module should be loaded –

LoadModule access_compat_module modules/

Private Network Addresses