
How to Allow/Deny Access to a site using .htaccess


The .htaccess file is a powerful configuration file used by Apache web servers to manage and control access to your website. With it you can allow or deny access to your website from various IP addresses, domains and geographical regions. We have already discussed the details of the .htaccess file in our previous article.

This article explains how to allow or deny access to a site using the .htaccess file. Access control is a critical aspect of website security and performance optimization. By allowing or denying specific users or IP addresses, you can prevent unauthorized access, block malicious traffic, or restrict content availability.

Prerequisites

  • Access to the .htaccess file on your web server.
  • Basic knowledge of how to edit files via a control panel, FTP, or SSH.
  • An understanding of the IP addresses or domains you wish to allow or block.

Note: Always take a backup of your .htaccess file before making changes.

Denying Access by IP Address

Locate the .htaccess File

  1. Log in to your hosting account or server.
  2. Navigate to the root directory of your website, usually /public_html/ or /var/www/html/.
  3. Look for the .htaccess file. If it doesn’t exist, create one.

Now, to block specific IP addresses from accessing your site, add the following lines to your .htaccess file:

order allow,deny
deny from <IP>
deny from <IP>
allow from all

The allow from all directive ensures that all other visitors have access.

Allowing Access by IP Address

To restrict access to only specific IP addresses, use this configuration:

order deny,allow
deny from all
allow from <IP>
allow from <IP>

Replace each <IP> with the address of a user you want to grant access.
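
The two IP rules above use the Order, Allow and Deny directives from Apache 2.2, which Apache 2.4 accepts only through mod_access_compat, while the user-agent rules later on this page already use the 2.4 Require syntax. As an added example (not part of the original article), here are the same policies written with Require throughout; the addresses are placeholders from the documentation ranges.

```apache
# Added example: Apache 2.4 (mod_authz_core / mod_authz_host) syntax.
# Addresses are constructed placeholders; substitute your own.
# Do not keep Order/Allow/Deny lines for the same scope in the same file:
# mixing the legacy directives with Require works only through
# mod_access_compat and makes the effective policy hard to reason about.

# Policy 1 - denylist: admit everyone except the listed addresses.
# A negated rule cannot grant access by itself, so it sits inside
# <RequireAll> next to a positive rule.
<RequireAll>
    Require all granted
    Require not ip 192.0.2.10
    Require not ip 198.51.100.0/24
</RequireAll>

# Policy 2 - allowlist: admit only the listed addresses.
# Use this INSTEAD of Policy 1. Top-level authorization rules in one file are
# combined as "any may match", so leaving Policy 1 in place would still admit
# everyone outside its denylist.
# Require ip 192.0.2.10
# Require ip 203.0.113.0/24

# Per-file rule for config.php (the file this page protects further down).
# A <Files> section is evaluated after the directory-level rules and, with the
# default "AuthMerging Off", replaces them for the matching file.
<Files "config.php">
    Require all denied
</Files>
```

After saving, request the site from an allowed and from a blocked address and confirm that the blocked one receives 403 Forbidden.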

Blocking Access by Domain

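If you want to block visitors referred from specific domains, use the SetEnvIf directive to match the Referer request header:

# The quoted pattern is a regular expression tested against the Referer header,
# so the dots are escaped to match a literal "." only.
SetEnvIf Referer "example\.com" spammer
SetEnvIf Referer "another-spam-site\.com" spammer
<Files *>
    Order Allow,Deny
    Allow from all
    Deny from env=spammer
</Files>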

Replace example.com and another-spam-site.com with the domains you wish to block.

Denying Access to Specific Files or Directories

You can block access to specific files or directories by adding rules to your .htaccess file. For example:

Block Access to a Specific File

<Files "config.php">
    Order Allow,Deny
    Deny from all
</Files>

Block Access to a Specific Directory

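# <Directory> sections are not permitted inside .htaccess; use this block in the
# server or virtual host configuration. To do the same from .htaccess, create an
# .htaccess file inside the directory containing only the Order and Deny lines.
<Directory "/path/to/your/directory">
    Order Allow,Deny
    Deny from all
</Directory>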

Restricting Access Based on User Agent

You can allow or deny website access based on specific user agents. User agents are identifiers sent by browsers or bots when they visit a website. To block unwanted bots or allow specific browsers, you can add the following rules to your .htaccess file:

To Block Specific User Agents

Use the following code to deny access to certain user agents:

SetEnvIfNoCase User-Agent "BadBot" bad_bot
SetEnvIfNoCase User-Agent "EvilScraper" bad_bot

<RequireAll>
    Require all granted
    Require not env bad_bot
</RequireAll>

To Allow Only Specific User Agents

Use the following code to allow only specific user agents and block all others.

SetEnvIfNoCase User-Agent "Googlebot" allowed_agent
SetEnvIfNoCase User-Agent "Bingbot" allowed_agent

<RequireAll>
    Require env allowed_agent
</RequireAll>

Replace "BadBot", "EvilScraper", "Googlebot", and "Bingbot" with the actual user agent strings you wish to allow or block.

Conclusion

The .htaccess file is a versatile tool for controlling website access. By configuring access rules based on IP addresses, domains, or files, you can enhance your site’s security and manage user access effectively. Remember to regularly review and update your .htaccess rules to adapt to changing security requirements.
