Your .htaccess file might look like this:

order deny,allow
deny from all

# allow from example.dyndns.org
allow from 8.8.4.4

And your sed code to update the allowed IP address might look like this:

sed -i -r "/# allow from example.dyndns.org/I{\
n; s/([0-9]{1,3}.){3}[0-9]{1,3}/8.8.8.8/\
}" .htaccess

Let’s look at it piece by piece.

• /# allow from example.dyndns.org/I will search the file for this string. The I flag at the end makes the search case insensitive.
• n; will tell sed to continue processing on the next line.
• s/([0-9]{1,3}\.){3}[0-9]{1,3}/8.8.8.8/ will regex search for an IP and replace the match with your updated IP (in this case 8.8.8.8).
• .htaccess is of course the input file to process.

Note that in .htaccess files, comments must be on a line of their own. End of line or inline comments are not permitted. In cases where you do not need to replace a part of the next line but rather all of it, our replacement becomes s/.*/8.8.8.8/

Related posts:

1. Securing WordPress Dashboard using .htaccess behind CloudFlare (or any other CDN)
2. What’s my IP? Check your IP address from the command line.
3. Handy command line currency converter.

In all cases, there are 2 areas that can be locked down from 2 separate .htaccess files. These are:

• /wordpress/.htaccess to secure the wp-login.php file (used to log in).
• /wordpress/wp-admin/.htaccess to secure everything under the wp-admin directory.

I want to allow only a few IP addresses to be able to access these areas. This is how it’s done without a cloud:

# add the following lines to /wordpress/.htaccess
<Files wp-login.php>
    order deny,allow
    deny from all
    allow from 93.75.252.219
    allow from 110.170.50.32
</Files>

# add the following lines to /wordpress/wp-admin/.htaccess
order deny,allow
deny from all
allow from 93.75.252.219
allow from 110.170.50.32

Access to the login and admin areas of your website are now restricted to only the IPs you allow. If however, you are using a service like CloudFlare, the above will not work because apache can’t see your (the visitor’s) IP address. Let’s fix this:

# add the following lines to /wordpress/.htaccess
<Files wp-login.php>
    SetEnvIf X-FORWARDED-FOR 93.75.252.219 allowedip
    SetEnvIf X-FORWARDED-FOR 110.170.50.32 allowedip
    order deny,allow
    deny from all
    allow from allowedip
</Files>

# add the following lines to /wordpress/wp-admin/.htaccess
SetEnvIf X-FORWARDED-FOR 93.75.252.219 allowedip
SetEnvIf X-FORWARDED-FOR 110.170.50.32 allowedip
order deny,allow
deny from all
allow from allowedip

Apache is now reading your IP address and setting the allowedip environment variable which is then whitelisted on the last line.

Note that you should *not* rely on this security measure alone since an IP address you have whitelisted can and may be spoofed. Always monitor your access logs and combine this with other security methods (such as basic authentication for example) to further increase security.

Related posts:

1. Using sed to search and replace contents of next line in a file.
2. iNove theme by NeoEase for WordPress 3.0
3. CloudFlare threat control. Require captcha by country.

Given the opportunity of the move, I decided to split my VirtualHost configuration out of a single httpd.conf file into per virtual-host config files. This by chance, is something that I knew that I could do since 1696 but never really realized the advantages of doing so before now.

Anyway, the mistake I made was to assign ServerName in httpd.conf to either a named or aliased VirtualHost. This caused a conflict which was solved as soon as I changed ServerName to something totally irrelevant.

No related posts.