Keeping users from accessing a specific webpage is useful in keeping them from sensitive information. If you host your site on an Apache server, you can lock it down by locking a specific URL. You can lock a URL without locking the entire site if you just need to prevent access to a single page. There are several ways to do this with Apache, so let’s look at seven ways to secure a specific URL in Apache and keep intruders away from it.
This article will help you secure a specific URL in Apache. For example, a site has a secure area like http://example.com/admin/” and we need that only the authorized users or IP addresses can access /admin/ section.
1. Restrict Specific URL by IP Address
First, edit the Apache configuration file and add the below entry in VirtualHost. This will allow /admin URL to 192.168.10.11 or an IP range like 192.168.1.0/24.
<Location /admin> Order deny,allow Deny from all Allow from 192.168.10.11 Allow from 192.168.1.0/24 </Location>
Save the Apache configuration file and restart the apache service using one of the following commands.
sudo systemctl restart httpd#On RedHat based systems sudo systemctl restart apache2#On Debian based systems
Let’s try to access your site from any other IP address. Also, check the given IP address in the configuration file.
2. Setup User Authentication on Specific URL
You can also enable a login screen for a specific URL in the Apache webserver. To do this, edit the Apache configuration file and add the below entry in the website VirtualHost section.
<Location /admin> AuthUserFile /var/www/htpasswd/.htpasswd AuthName "Password Protected Area" AuthType Basic Require valid-user </Location>
Now create a new htpasswd file using the below command and add a new user.
htpasswd -cm /var/www/htpasswd/.htpasswd myuser
OutputNew password: Re-type new password: Adding password for user myuser
Restart the Apache service and access your site URL. It will prompt for login details.
sudo systemctl restart httpd#On RedHat based systems sudo systemctl restart apache2#On Debian based systems
Thanks for using this article, I hope this article fulfills your needs. Click here to read more details about apache location directive.
3 Comments
How can we allow certain URLs only, e.g. URLs which starts with /resources , which contains certain word ?
Very helpful and easy to follow. Thanks Chris!
Thanks for the info. Would really help if you mentioned where the apache config file is located.