Denying and allowing access to your website can be accomplished very easily with .htaccess. In order to block an IP address you would use the following command within your .htaccess file:

deny from 000.000.000.000

Replace 000.000.000.000 with the IP address you wish to block. If you only specify one or two groups of the numbers you will block a whole range of IP’s.

You can also use .htaccess to deny everyone access to a directory except for scripts. For example lets say that you have all your database passwords and configuration files in a folder called configs. You want to be able to include the files inside that folder using PHP in most of your webpages, but you don’t want them to be accessible via the internet. In order to accomplish this you would create a new .htaccess file and place it into the configs folder and place the following command into it:

deny from all

This would prevent that directory from being publicly accessible, however PHP will still be able to use it freely.

Furthermore instead of using numeric addresses, domain names (and subdomain names) can also be used to ban users. For example:

deny from myisp.com

This bans users with a remote hostname ending in myisp.com. This would stop all users connected to the internet via myisp.com from viewing your site.

Take note that using .htaccess to block an entire range or name is likely to lock out innocent users. Please use with caution.

Published by Michael Boguslavskiy

Michael Boguslavskiy is a full-stack developer & online presence consultant based out of New York City. He's been offering freelance marketing & development services for over a decade. He currently manages Rapid Purple - and online webmaster resources center; and Media Explode - a full service marketing agency.

Leave a comment

Your email address will not be published. Required fields are marked *