.htaccess<\/b>\u00a0is a resourceful file that can allow or deny access to your website or a folder or files in the directory in which it is placed by using\u00a0order<\/b>,\u00a0allow<\/b>\u00a0and\u00a0deny<\/b>\u00a0keywords.<\/p>\nHow to allow access to a single IP address using .htaccess<\/h2>\n
In the following example, we will assume that you want to allow access only to\u00a01.2.3.4\u00a0<\/strong>IP address. The code that you will need to add in your .htaccess file is:<\/p>\n Order<\/b>\u00a0keyword here specifies the order in which\u00a0allow<\/b>,\u00a0deny<\/b>\u00a0access would be processed. For the above \u2018Order<\/b>\u2019 statement, the\u00a0Allow<\/b>\u00a0statements would be processed first and then the\u00a0deny<\/b>\u00a0statements would be processed.<\/p>\n Let’s assume that you wish to deny or block access to your website from 1.2.3.4 IP address.<\/p>\n The below lines provide the means to allow access to your website from all users except one with the IP Address: 1.2.3.4<\/b><\/p>\n If there are multiple IP’s to which you want to deny access, simply add as many ‘Deny from’ rules as needed.<\/p>\n Hidden files and directories (those whose names start with a dot\u00a0 Alternatively, you can just raise a \u201cNot Found\u201d error, giving the attacker no clue:<\/p>\n These files may be left by some text\/HTML editors (like Vi\/Vim) and pose a great security danger if exposed to the public.<\/p>\n That’s it.<\/strong> Now you know how to Allow or Deny access to your website using .htaccess.<\/p>\n \t\t# Order Allow, Deny\r\nDeny from All\r\nAllow from 1.2.3.4<\/pre>\n
How to deny access to a single IP Address using .htaccess<\/h2>\n
# Order Allow, Deny\r\nDeny from 1.2.3.4\r\nDeny from 1.2.3.5\r\nAllow from All\r\n<\/pre>\n
# Order Deny, Allow\r\nDeny from 1.2.3.4\r\nDeny from 1.2.3.5<\/pre>\n
How to Deny Access to Hidden Files and Directories<\/h2>\n
.<\/code>) should most, if not all, of the time be secured. For example:\u00a0.htaccess<\/code>,\u00a0.htpasswd<\/code>,\u00a0.git<\/code>,\u00a0.hg<\/code>…<\/p>\nRewriteCond<\/span> %{SCRIPT_FILENAME}<\/span> -d<\/span> [OR]<\/span>\r\nRewriteCond<\/span> %{SCRIPT_FILENAME}<\/span> -f<\/span>\r\nRewriteRule<\/span> \"(^|\/)\\.\"<\/span> -<\/span> [F]<\/span><\/pre>\n<\/div>\nRedirectMatch<\/span> 404 \/\\..*$<\/pre>\n<\/div>\nDeny Access to Backup and Source Files<\/h2>\n
<FilesMatch<\/span> \"(\\.(bak|config|dist|fla|inc|ini|log|psd|sh|sql|swp)|~)$\">\r\n ## Apache 2.2<\/span>\r\n Order<\/span> allow,deny\r\n Deny<\/span> from all\r\n Satisfy<\/span> All\r\n\r\n ## Apache 2.4<\/span>\r\n # Require all denied<\/span>\r\n<\/FilesMatch<\/span>><\/pre>\n<\/div>\nHow to Disable Directory Browsing<\/h2>\n
Options All -Indexes<\/pre>\n