Sometimes it is necessary to forbid access to your web pages to anybody, except some users with known IP,
for example, restrict access to testing server. .htaccess file is per-directory configuration file of well-spread web-server Apache and it is possible to control access to your files adding special dirictives there.
Apache module mod_authz_host (Apache 2.x) and mod_access (Apache 1.3) has directives
- Allow, quotation from apache docs:
The Allow directive affects which hosts can
access an area of the server. Access can be controlled by
hostname, IP Address, IP Address range, or by other
characteristics of the client request captured in environment
The first argument to this directive is always
from. The subsequent arguments can take three
different forms. If Allow from all is specified, then
all hosts are allowed access...
- Deny, quotation from apache docs:
This directive allows access to the server to be restricted
based on hostname, IP address, or environment variables. The
arguments for the Deny directive are
identical to the arguments for the Allow directive.
The subsequent Allow from and Deny from arguments may be
- A full IP adress, like 10.1.2.3
- A partial IP adress, like 10.1 (head part of IP)
- network/netmask or CIDR (see apache documentation)
Following example will restrict everybody from accessing the pages, except users with IP beginning with 192.168 (local network)
and for some user from the Internet with ip adress "18.104.22.168"
Deny from all
Allow from 192.168
Allow from 22.214.171.124
To use this example, change IP-addresses to your preferred values and put these lines to .htaccess file(create it, if it does not exist).
Some hosting providers may reconfigure apache to use some other file instead of .htaccessSome hosting providers could completely or partly disable .htaccess file configuration
FreeBSD 5.2 :: Apache 1.3Linux :: Apache 2.2