Welcome to the LimeSurvey Community Forum

Block admin URL outside organisation on apache block httpd.conf file

3 years 10 months ago - 3 years 10 months ago #201114 by nicolae_stan93
Hello,

I'm trying to block this URL on Apache, app/index.php/admin/authentication/sa/login, with the text below added to httpd.conf in /etc/httpd/conf:

#<Directory "/var/www/html/index.php/admin/authentication/sa/login">
# AllowOverride none
# Order Deny,Allow
# Deny from all
# Allow from Some IP from internal network
#</Directory>

But it doesn't work and I don't understand the mapping. Actually, the URL doesn't have a mapped folder or file in var/www/html/limesurvey.

drwxrwxr-x. 2 apache apache 40 May 26 13:22 admin
drwxrwxr-x. 15 apache apache 256 Mar 2 12:58 application
drwxrwxr-x. 7 apache apache 102 Mar 2 12:58 assets
-rwxrwxr-x. 1 apache apache 15202 Mar 2 12:58 buildVueComponents.js
-rwxrwxr-x. 1 apache apache 1340 Mar 2 12:58 composer.json
-rwxrwxr-x. 1 apache apache 3275 Mar 2 12:58 CONTRIBUTING.md
drwxrwxr-x. 5 apache apache 180 Mar 2 12:58 docs
drwxrwxr-x. 19 apache apache 4096 Mar 2 12:58 framework
drwxrwxr-x. 2 apache apache 37 Mar 2 12:58 html
-rwxrwxr-x. 1 apache apache 6615 Mar 2 12:58 index.php
drwxrwxr-x. 5 apache apache 73 Mar 2 12:58 installer
-rwxrwxr-x. 1 apache apache 49473 Mar 2 12:58 LICENSE
drwxrwxr-x. 102 apache apache 4096 Mar 2 12:58 locale
-rwxrwxr-x. 1 apache apache 80 Mar 2 12:58 manifest.yml
drwxrwxr-x. 4 apache apache 31 Mar 2 12:58 modules
-rwxrwxr-x. 1 apache apache 62 Mar 2 12:58 package.json
-rwxrwxr-x. 1 apache apache 1140 Mar 2 12:58 phpci.yml
-rwxrwxr-x. 1 apache apache 468 Mar 2 12:58 phpunit.xml
drwxrwxr-x. 3 apache apache 36 Mar 2 12:58 plugins
-rwxrwxr-x. 1 apache apache 1378 Mar 2 12:58 psalm.xml
-rwxrwxr-x. 1 apache apache 2742 Mar 2 12:58 README.md
drwxrwxr-x. 9 apache apache 4096 Mar 2 12:58 tests
drwxrwxr-x. 5 apache apache 49 Mar 2 12:58 themes
drwxrwxr-x. 37 apache apache 4096 Mar 2 12:58 third_party
drwxrwxr-x. 6 apache apache 107 Jun 12 12:51 tmp
drwxrwxr-x. 10 apache apache 139 Mar 2 12:58 upload
-rwxrwxr-x. 1 apache apache 360 Mar 2 12:58 yarn.lock


I tried blocking index.php as a test and it works, but the admin URL above doesn't have a mapping in the application structure. The idea is that people outside the organisation don't have access to the admin URL.

Any suggestion? Thank you!
Last edit: 3 years 10 months ago by nicolae_stan93.
The topic has been locked.
3 years 10 months ago #201128 by nicolae_stan93
It seems that the Location tag handles the unmapped URL requests. So it works with the code below, but it doesn't allow the IP from the Allow line to access the page. Am I doing something wrong?

<Location "/index.php/admin/authentication/sa/login">
AllowOverride none
Order Deny,Allow
Deny from all
Allow from 10.10.10.10
</Location>
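
The same restriction in Apache 2.4 authorization syntax, as an added example that is not part of the posts in this thread or of LimeSurvey's own documentation. It assumes Apache 2.4 with mod_authz_core; 10.10.10.10 is the address from the post, and matching the whole `/index.php/admin` prefix rather than only the login URL is an assumption.

```apache
# Added example; assumes Apache 2.4 (mod_authz_core).
#
# <Location> matches the request URL path, so it applies even though
# /index.php/admin/... is not a file or folder on disk.
# <Directory> matches filesystem paths only.
#
# AllowOverride is left out: it is only valid inside <Directory>.
#
# Older syntax used in the post (Apache 2.2, or 2.4 with mod_access_compat):
#   Order Deny,Allow
#   Deny from all
#   Allow from 10.10.10.10

<Location "/index.php/admin">
    # Prefix match (assumption): covers every path below /index.php/admin,
    # including /index.php/admin/authentication/sa/login.
    # Requests from any other address are refused with 403.
    Require ip 10.10.10.10
</Location>

# If the installation is served under a sub-path (the first post writes
# "app/index.php/..."), the URL prefix has to include it:
<Location "/app/index.php/admin">
    Require ip 10.10.10.10
</Location>
```

After reloading Apache, request the login URL from an allowed host and from another host, and compare the client address recorded in the access log with the one given to `Require ip`. Behind a reverse proxy or NAT, Apache sees the proxy's address rather than the workstation's.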
3 years 6 months ago #206329 by riqcles
You can see here:
application\controllers\admin\authentication.php

and after this line:
if (!defined('BASEPATH')) {
exit('No direct script access allowed');
}

Add this:
if (defined('BASEPATH')) {
header("Location: www.yoursitename ");
exit ();
}

I think it's good, but it made a fork :(

LimeSurvey version 3.22.19
OS : CentOS 7.9 / PHP 7.2.4
DB : PostgreSQL 11.x /

Future LimeSurvey version 6.4.1
OS : CentOS 7.9 / RockyLinux / PHP 8.2
DB : PostgreSQL 15.x