Can Apache allow traffic from a certain domain only?

Question

I have a script that runs as an external question on Mechanical Turk. On MTurk, these external questions run as an iFrame on a page on mturk.com.

I want to make it so that the directory that this script is in is only accessible from a few select IPs and from iFrames located on mturk.com. Can I include this in a directory configuration on my file for the site?

For example:

<Directory /blah/blah/blah/directory>
    Order deny,allow
    Deny from all
    Allow from 123.456.789.0
    Allow from 98.765.432.10
    Allow from mturk.com
</Directory>

Will this consistently work to only allow traffic from the iFrame on that page?

score 0 · Answer 1 · edited Apr 13 '17 at 12:14

0

It looks like you've copied the syntax from Apache 2.2, which doesn't work in 2.4.

This isn't exactly your use case, but it should get you started. The relevant syntax is

Require IP 123.456.789.0 98.765.432.10

http://httpd.apache.org/docs/trunk/mod/mod_authz_host.html

Apache 2.4 - How to restrict traffic (by IP address) to all requests except the base path?

edited Apr 13 '17 at 12:14

Community

1

answered Sep 21 '15 at 20:31

pgoetz

526

Can Apache allow traffic from a certain domain only?

1 Answers1