How to only allow certain IPs to hit specific HTML pages?

rolinger

Well-Known Member
Feb 13, 2017
45
3
58
Tampa
cPanel Access Level
Root Administrator
I am looking for any Apache or CSF method that will allow me to help better lock down my web server. All my public facing pages are *.HTML pages, all my server processing files are labeled .PHP. Meaning only .PHP files should be accessed by HTML files from my own servers.

At the moment, all of my PHP files have a function that looks for the client IP - if its not one of my servers requesting the PHP page, then spit out an "Invalid Request" page and exit the script.

However, this means the external user is still getting to my web PHP files...which is permitting a connection and server resources.

Is there any method in (preferably) CSF, or even Apache, that will only allow certain IPs to access specific files?
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,793
1,878
363
cPanel Access Level
Root Administrator
Hey there! Inside cPanel there is the IP Blocker tool. Using that interface adds the following code to the local .htaccess file for the user:

Code:
<Files 403.shtml>
order allow,deny
allow from all
</Files>

deny from 1.2.3.4
so you could use that template to manually add a list of IPs you don't want to access the site.

As for the firewall level, I don't have any details that would let you do per-domain or per-vhost, as those would be all or nothing.
 

rolinger

Well-Known Member
Feb 13, 2017
45
3
58
Tampa
cPanel Access Level
Root Administrator
@cPRex - thanks for the response (again). Can the reverse of that be done...only permit a few IPs, deny the rest?

Code:
<Files 403.shtml>
order allow,deny
allow from 1.1.1.1, 2.2.2.2, 127.0.0.1l
</Files>

deny from all
As well....how does that target my *.php files only? I am not too proficient with Apache .htaccess files.
 

cPRex

Jurassic Moderator
Staff member
Oct 19, 2014
11,793
1,878
363
cPanel Access Level
Root Administrator
Sure - something like this would do the trick for PHP files:

Code:
<Files *.php>
    Order allow,deny
    allow from 1.1.1.1, 1.1.1.2, etc.....
    Deny from all
</Files>
There's much more reading on the .htaccess rules here: