1

Hey guys, I'm really new to this, so please forgive me if I butcher all the terminology. I've managed to get a LAMP server running for my small business and have created a small webapp that runs on the server. How do I configure Apache to only allow other devices in the same network to connect and restrict access for everyone else? Is what I'm trying to achieve called an Intranet server? If so, what are the security aspects I should be aware of?

Thanks in advance! I'm looking forward to learning from you guys.

Pav Dis
  • 23

3 Answers

2

Allow, Satisfy and related directives have been deprecated, and they only still work for backwards compatibility as part of the module mod_access_compat.

The new way is using the module mod_authz_host and the Require directives.

Mixing the two is discouraged. Quoting this official source:

The Allow, Deny, and Order directives, provided by mod_access_compat, are deprecated and will go away in a future version. You should avoid using them, and avoid outdated tutorials recommending their use.

If you want to restrict to local network, you can do something like:

<Directory /var/www/ncp-web/>
  Require host localhost
  Require ip 127.0.0.1
  Require ip 192.168
  Require ip 10
</Directory>

Remove all Allow directives.
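One way to confirm that a restriction like this is holding is to scan the Apache access log for requests from outside the permitted ranges that were still served. The following is an added example, not part of the original answer; the function names are illustrative and the sample log lines are constructed.

```python
import ipaddress
import re

# Networks admitted by the Require ip rules in the answer above. Apache reads
# the partial addresses "192.168" and "10" as 192.168.0.0/16 and 10.0.0.0/8.
# "Require host localhost" depends on reverse DNS and is not modelled here.
ALLOWED = [ipaddress.ip_network(n)
           for n in ("127.0.0.1/32", "192.168.0.0/16", "10.0.0.0/8")]

# Common/combined log format: client ident user [time] "request" status size
LINE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]*\] "([^"]*)" (\d{3}) ')


def is_allowed(client):
    """True if the logged client address is inside one of the ALLOWED networks."""
    try:
        addr = ipaddress.ip_address(client)
    except ValueError:
        return False  # hostname or malformed field: treat as outside
    return any(addr.version == net.version and addr in net for net in ALLOWED)


def leaked_requests(lines):
    """Requests from outside ALLOWED that were served (status below 400)."""
    hits = []
    for line in lines:
        m = LINE.match(line)
        if not m:
            continue  # not an access-log line
        client, request, status = m.group(1), m.group(2), int(m.group(3))
        if status < 400 and not is_allowed(client):
            hits.append((client, request, status))
    return hits


# Constructed sample lines (documentation addresses, not from a real server).
# 172.16.5.4 is a private address, but no rule above covers 172.16.0.0/12.
SAMPLE = [
    '192.168.1.20 - - [10/Oct/2023:13:55:36 +0000] "GET /index.php HTTP/1.1" 200 2326',
    '10.4.0.7 - - [10/Oct/2023:13:56:01 +0000] "GET /app/ HTTP/1.1" 200 512',
    '203.0.113.9 - - [10/Oct/2023:13:57:12 +0000] "GET /index.php HTTP/1.1" 403 199',
    '172.16.5.4 - - [10/Oct/2023:13:58:40 +0000] "GET /index.php HTTP/1.1" 403 199',
    '198.51.100.23 - - [10/Oct/2023:14:02:03 +0000] "GET /admin.php HTTP/1.1" 200 1042',
]

if __name__ == "__main__":
    for client, request, status in leaked_requests(SAMPLE):
        print(f"served to outside client {client}: {request!r} -> {status}")
```

Any line this reports means the access rules did not apply to the path that was requested, for example because it is served from a directory the `<Directory>` block does not cover.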

1

You can use the Listen directive to accept connections on two specified interfaces and port numbers.

Change ports.conf so that it contains:

Listen 127.0.0.1:80
Listen 127.0.0.1:8000

Refer to this link for detailed info: http://httpd.apache.org/docs/2.0/mod/mpm_common.html#listen

{OR}

in your site-enabled site.

Should limit apache serving to anyone but localhost for anything under

Order Deny,allow
Deny from all
Allow from 127.0.0.0/255.0.0.0 ::1/128

1

Just create a VirtualHost restricting the access to it in your apache configuration. This is a sample:

<VirtualHost *:80>
    DocumentRoot "/var/www/"
    ServerName www.example.com

    <Directory "/var/www/">
        Options Indexes FollowSymLinks
        AllowOverride all
        Order deny,allow
        Allow from all
        # Require needs a provider keyword; "ip" matches the client address
        Require ip 192.168.0.1/24
    </Directory>
</VirtualHost>

The Require directive provides a variety of different ways to allow or deny access to resources. In my sample, it restricts access to the subnet 192.168.0.1/24 only.

Tung Tran
  • 4,023