Limiting Access To Apache’s VirtualHosts To Local Network (LAN) Only

To only allow connections to websites from machines that are on your local network (LAN), while blocking everyone coming from the Internet, edit the website’s HTTP and SSL VirtualHost files and update the website’s <Directory> configuration…

From – All Access:

Options All

AllowOverride All

Order allow,deny
Allow from all

To – LAN Access Only:

Options All

# All directives except Limit directives (allow, deny, order)
AllowOverride AuthConfig FileInfo Indexes Options=All

Order deny,allow
Deny from all

Allow from localhost

# IPv4
Allow from 127.0.0.0/8       # IPv4 Loopback Addresses
Allow from 169.254.0.0/16    # IPv4 Link-local Addresses
Allow from 10.0.0.0/8        # IPv4 Normal LAN Address Space
Allow from 172.16.0.0/12     # IPv4 Normal LAN Address Space
Allow from 192.168.0.0/16    # IPv4 Normal LAN Address Space

# IPv6
# For Apache 2.4 and up only
<IfVersion >= 2.4>
Allow from ::1/128           # IPv6 Loopback Addresses
Allow from fe80::/10         # IPv6 Link-local Addresses
Allow from fc00::/7          # IPv6 Unique Local Addresses (LAN Space)	
</IfVersion>

Changing AllowOverride All to remove Limit directives (allow, deny, order) restricts further .htaccess files from overriding the above Allow from configuration.

To use the IfVersion directive this module should be loaded by Apache –

LoadModule version_module modules/mod_version.so

To use the allow, deny, and order directives on Apache 2.4 this module should be loaded –

LoadModule access_compat_module modules/mod_access_compat.so

Private Network Addresses

One thought on “Limiting Access To Apache’s VirtualHosts To Local Network (LAN) Only”

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>