BlooPlace – IT Blog

May 27th, 2012

How to restrict the access to a web directory

How-to, by admin.

Sometimes when you are developing something and you don’t want anyone other than you to see it you need to restrict the access to it. You could just password protect it, which usually takes a few minutes to set up, but there is an alternative – you can just use the DENY setting in the htaccess files.

If you need to deny all access but permit only a certain IPs to the page:

This way you can set for instance only you as localhost to go to that directory and all sub-directories or a range of IPs. None other than the permitted IPs can view the directory. Thus it may be considered even more secure than .htaccess + .htpasswd method.

So, how to do it? Go to the directory you wish to restrict and create an empty .htaccess file. Open the file with any text editor and inside write:

deny from all
allow fromĀ  127.0.0.1

It simply say “hey Apache,deny the access to everyone except these guys”. It supports a full IP as well as a part IP, which will allow all IPs in that range to view the page.

deny from all
allow fromĀ  127.0.0.1 174.194.35.

This would be interpreted by the Apache as “Deny the access to all IPs except 127.0.0.1 and all IPs starting with 174.194.35.XXX”

If you need to allow all connections to the web directory, but deny only a list of IPs:

If you wish to block the access to only one person (IP) and allow the access to everyone else, you can do it by writing:

Order Allow,Deny
Deny from 127.0.0.1
Allow from all

This basically orders the Apache HTTP Server to allow all connections except the connections coming from that IP (127.0.0.1 in this case).

Here is how it would look if you would want to block the access to every IP starting with 173.194.35. and also 127.0.0.1

Order Allow,Deny
Deny from 127.0.0.1 173.194.35.
Allow from all

PS: this is also a good way to stop any hack or DDoS attack against a web server and every Web master should be aware of this.

Back Top

Leave a Reply