Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

Deny all, allow only one IP through htaccess

Tags:

.htaccess

People also ask

How can I block all IP addresses except specific ones?

To do that, click on Windows Firewall with Advanced Security in the left pane, and choose Windows Firewall Properties from the right pane. Next to Outbound connections, choose Block. Then, click OK. Once you've done that, just delete the block all outgoing traffic rule and you should be all set.

How do I restrict IP address in htaccess?

Step 1: Generate the Country's IP Addresses Select the countries you want to block or allow. On the Select Format section, choose Apache . htaccess Deny or Apache . htaccess Allow.

What does Deny from all do in htaccess?

You just need to add a few commands to . htaccess to make it happen. For example, deny from all is a command that will allow you to apply access restrictions to your site.


order deny,allow
deny from all
allow from <your ip> 

I know this question already has an accepted answer, but the Apache documentation says:

The Allow, Deny, and Order directives, provided by mod_access_compat, are deprecated and will go away in a future version. You should avoid using them, and avoid outdated tutorials recommending their use.

So, a more future-proof answer would be:

<RequireAll>
    Require ip xx.xx.xx.xx yy.yy.yy.yy
</RequireAll>

Hopefully, I've helped prevent this page from becoming one of those "outdated tutorials". :)


This can be improved by using the directive designed for that task.

ErrorDocument 403 /specific_page.html
Order Allow,Deny
Allow from 111.222.333.444

Where 111.222.333.444 is your static IP address.

When using the "Order Allow,Deny" directive the requests must match either Allow or Deny, if neither is met, the request is denied.

http://httpd.apache.org/docs/2.2/mod/mod_authz_host.html#order


Slightly modified version of the above, including a custom page to be displayed to those who get denied access:

ErrorDocument 403 /specific_page.html
order deny,allow
deny from all
allow from 111.222.333.444

...and that way those requests not coming from 111.222.333.444 will see specific_page.html

(posting this as comment looked terrible because new lines get lost)


Improving a bit more the previous answers, a maintenance page can be shown to your users while you perform changes to the site:

ErrorDocument 403 /maintenance.html
Order Allow,Deny
Allow from #.#.#.#

Where:

  • #.#.#.# is your IP: What Is My IP Address?
  • For maintenance.html there is a nice example here: Simple Maintenance Page

Just in addition to @David Brown´s answer, if you want to block an IP, you must first allow all then block the IPs as such:

<RequireAll>
  Require all granted
  Require not ip 10.0.0.0/255.0.0.0
  Require not ip 172.16.0.0/12
  Require not ip 192.168
</RequireAll>
  • First line allows all
  • Second line blocks from 10.0.0.0 to 10.255.255.255
  • Third line blocks from 172.16.0.0 to 172.31.255.255
  • Fourth line blocks from 192.168.0.0 to 192.168.255.255

You may use any of the notations mentioned above to suit your CIDR needs.


Add the following command in .htaccess file. And place that file in your htdocs folder.

Order Deny,Allow
Deny from all
Allow from <your ip> 
Allow from <another ip>