.htaccess is a resourceful file that can allow or deny access to your website or a folder or files in the directory in which it is placed by using order, allow and deny keywords.
How to allow access to a single IP address using .htaccess
In the following example, we will assume that you want to allow access only to 1.2.3.4 IP address. The code that you will need to add in your .htaccess file is:
# Order Allow, Deny Deny from All Allow from 1.2.3.4
Order keyword here specifies the order in which allow, deny access would be processed. For the above ‘Order’ statement, the Allow statements would be processed first and then the deny statements would be processed.
How to deny access to a single IP Address using .htaccess
Let’s assume that you wish to deny or block access to your website from 1.2.3.4 IP address.
The below lines provide the means to allow access to your website from all users except one with the IP Address: 1.2.3.4
# Order Allow, Deny Deny from 1.2.3.4 Deny from 1.2.3.5 Allow from All
# Order Deny, Allow Deny from 1.2.3.4 Deny from 1.2.3.5
If there are multiple IP’s to which you want to deny access, simply add as many ‘Deny from’ rules as needed.
How to Deny Access to Hidden Files and Directories
Hidden files and directories (those whose names start with a dot .) should most, if not all, of the time be secured. For example: .htaccess, .htpasswd, .git, .hg…
RewriteCond %{SCRIPT_FILENAME} -d [OR]
RewriteCond %{SCRIPT_FILENAME} -f
RewriteRule "(^|/)\." - [F]
Alternatively, you can just raise a “Not Found” error, giving the attacker no clue:
RedirectMatch 404 /\..*$
Deny Access to Backup and Source Files
These files may be left by some text/HTML editors (like Vi/Vim) and pose a great security danger if exposed to the public.
<FilesMatch "(\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$">
## Apache 2.2
Order allow,deny
Deny from all
Satisfy All
## Apache 2.4
# Require all denied
</FilesMatch>
How to Disable Directory Browsing
Options All -Indexes
That’s it. Now you know how to Allow or Deny access to your website using .htaccess.
If you enjoyed this tutorial, then you’ll love our support! All ChemiCloud’s hosting plans include 24/7 support from our amazing support team. Check out our web hosting plans and have your website migrated today!