Restrict access to website/subserver to only one IP Address

SYSTEM INFORMATION
OS type and version Debian 12
Virtualmin version 7.30.8

Hi,
I have a subdomain/subserver, subdomain.domain.com, not related to virtualmin administration, for which i want to restrict access to only one IP, but this restriction has to apply only to this, the rest of servers/subservers should be available to anyone.

I guess your using apache2 so if your not using virtualmin to administer this, just learn how to use apache2

I think i didn’t make myself clear. The subdomain is not one used for administrating virtualmin, but a normal subdomain which is intended to be used as „intranet”. I use Virtualmin to administer domains and servers and I was looking for a solution within Virtualmin, I know what to do in Apache, but I don’t want to mix things and cause troubles in Virtualmin by editing manually in Apache.

Try this. With your website selected in the pulldown Web Configuration -> Configure Website -> Edit Directives, in the section <Directory /home/whatever/public_html> replace the “Require all granted” with:

    Require ip YOUR_IP_ADDRESS
    Require all denied

Where you have replace YOUR_IP_ADDRESS with the IP you want to be the only one that can see it.

Like:

<Directory /home/whatever/public_html>
    Options -Indexes +IncludesNOEXEC +SymLinksIfOwnerMatch +ExecCGI
    Require ip 192.168.1.100
    Require all denied
    AllowOverride All Options=ExecCGI,Includes,IncludesNOEXEC,Indexes,MultiViews,SymLinksIfOwnerMatch
    AddHandler fcgid-script .php
    AddHandler fcgid-script .php8.3
    FCGIWrapper /home/comfytest/fcgi-bin/php8.3.fcgi .php
    FCGIWrapper /home/comfytest/fcgi-bin/php8.3.fcgi .php8.3
</Directory>

Then “Save and Close” and “Apply Changes”

1 Like

Thanks, that’s basically is editing Apache Directives from within Virtualmin.

If I want to show instead of usual blunt message 403 forbidden I will just pt somewhere a html page and edit in Web Configuration → Error Handling to prompt to it?

Ok, tryed that, but got an extra error: Additionaly, a 403 forbidden error was encountered when
trying to use an Error Document to handle the request. Where then shall I place the error page?