I would like to block a path from my site using the .htaccess configuration. The idea is that only a specific set of IP's can access that specific path from the URL.
Note: It's a path, not a page or directory. We are trying to shield off a web-service so there will be only post calls to the URL's.
I would like the url example.com/rest to be blocked and everything behind that url based on IP. So example.com/rest/test_service and example.com/rest/test_service/read should be blocked.
All other paths from the application should remain functional.
What I've tried the following but it doesn't seem to work. Not a single page is accessible like this.
SetEnvIf Request_URI "/rest$" rest_uri
<RequireAll>
Require env rest_uri
<RequireAny>
Require ip XXX.XXX.XXX.XXX
</RequireAny>
</RequireAll>
I've tried different things but none of them seem to work. Any help is appreciated.
You can use directives like this to allow an IP range for certain URL:
# set env variable if URL is /rest or /rest/
SetEnvIf Request_URI "/rest(/.*)?$" rest_uri
Order deny,allow
# first deny all
Deny from all
# then allow if env var is not set
Allow from env=!rest_uri
# also allow your IP range
Allow from 10.1.0.0/16