I have vhost setup for test of a new website. I want to allow access on the localhost, and, from one IP from the Internet (redacted). Apache serves the site just fine on the server but I can't access the site from my the "xxx...." IP. I'm using a physical path to test from the public IP as follows: Apache v2.2 RHEL6 UserDir configured/running SuExec configured/running Below is the relevant vhost block in httpd.conf: <VirtualHost *:80> ServerName test ServerAlias test DocumentRoot /home/user/public_html/test <IfModule mod_fcgid.c> SuexecUserGroup test test <Directory /home/user/public_html/test> Order Deny,Allow Deny from all Allow from xxx.xxx.xxx.xxx 127 Options +ExecCGI DirectoryIndex index.php index.html AllowOverride All AddHandler fcgid-script .php FcgiWrapper /var/www/php-fcgi-scripts/user/php-fcgi-starter .php </Directory> </IfModule> </VirtualHost> Code (markup): I don't have a FQDN as yet, so I just made a entry in /etc/hosts as follows: Here is an excerpt from the Apache error log: I've checked the firewall and the /etc/hosts.allow- that's not it. I've read the Apache docs and in the vhost block Allow should be evaluated last, and apparently is matching localhost but is not matching my IP. Any help?
Sorry for leaving out one detail. An existing virtual host is working fine. The vhost block for that site is the same structure as the one I'm troubleshooting, but, as its serving to the public, the Order,Deny and Allow directives are different. See excerpt below: <VirtualHost *:80> ... .. Order Deny,Allow Allow from all ... .. </VirtualHost> Code (markup): Just to confirm how Apache works- directive in vhost blocks override previous directive (more accurately directives in the main server configuration) correct? So, for the /public_html configuration block, Order and Deny,Allow directives are set as follows to tighten up security: Order deny,allow Deny from all Code (markup): Then I allow selective access by setting directives in the vhost blocks. Is this all correct?
Anyone have suggestions to solve this? I have tried several variations of the Order Deny,Allow directives but can't seem to get Apache to allow access for my desired public IP.
Solved. The issue was more complicated than it needed to be due to my lack of understanding of DNS routing integrated with Apache (using a public IP for the alias directive). I appended the server IP adresss to the ServerAlias directive in the 3rd vhost block. That allows Apache to route the request to the right vhost block. The third vhost is accesible from User the Internet now. The current access control directives are: Order allow,deny All from all Now that Apache can route to the 3rd vhost block I edited the access controls to tighten things down and enable localhost access as: Order deny,allow Deny from all Allow from [redacted public IP subnet] 127. And it works great!