Domi Domi - 1 month ago 14
Apache Configuration Question

Require ip 127.0.0.1 works sometimes and sometimes' it won't

I have a very simple

.htaccess
file:

<RequireAll>
Require all granted

# require localhost
Require ip 127.0.0.1
</RequireAll>


and it works... sometimes!

Sometimes, it will throw me a 403, and the
error.log
explains:


[client ::1:65443] AH01630: client denied by server configuration


Why won't it match that local client to the
Require ip 127.0.0.1
rule?

Answer

As it turns out, Apache 2.4's Require matches the IP exactly. If you have multiple IP addresses aliasing localhost, you need to list all of them (or use a special alias, if one exists, as explained below).

In this particular case, the error.log entry reveals it all: The client connected through the IPv6 interface (ip == ::1). That needs to be white-listed as well:

<RequireAll>
    Require all granted

    # require localhost
    <RequireAny>
        Require ip 127.0.0.1
        Require ip ::1
    </RequireAny>
</RequireAll>

Any suggestions as to whether there is a simpler/safer method to get this done, are very welcome!

Update

As Helge Klein suggests, Require local is the way to go:

<RequireAll>
    Require all granted

    # require localhost
    Require local
</RequireAll>