Hostname-based Access Control for Dynamic IPs

Sometimes less is more. The most simple way to protect my private web space on my web server is this:

<Location />
    Order Deny,Allow
    Deny from All
    Allow from

But what to do if changes the IP every 24 hours and if the reverse DNS entry (PTR) is something like When my computer at home connects to the web server the source IP address is used for a reverse DNS lookup. This lookup returns the above mentioned provider-assigned name and not,  the web server will never be able to identify this IP as belonging to my home router.

The solution is to write the IP↔Name mapping for my dynamic IPs into /etc/hosts. That way a reverse lookup on the IP will actually yield the information from /etc/hosts and not ask the DNS system.

Since I don't want to do this manually every time my IP changes, I automate it with this script. It reads host names from /etc/hosts.autoupdate and injects them into /etc/hosts:

The script is actually part of the hosts-updater DEB package which also installs a man page and a CRON job to run this every 5 minutes. As a result my own server recognizes my dynamic IPs as authorized and under their "proper" name.


Popular posts from this blog

Setting Custom Page Size in Google Docs - My First Published Google Apps Script Add-On

WARNING is a waste of my time

How did GitOps get started? An interview with Alexis Richardson