Differences

This shows you the differences between two versions of the page.

--- htaccess_files_allowing_from_ip_address [2025/03/20 19:37] – removed - external edit (Unknown date) 127.0.0.1
+++ htaccess_files_allowing_from_ip_address [2025/03/20 19:37] (current) – ↷ Page name changed from htaccess_files to htaccess_files_allowing_from_ip_address juckins
@@ Line 1: / Line 1: @@
+==== Apache .htaccess files and Allowing from IP Address ====
+[[http://httpd.apache.org/docs/2.0/howto/htaccess.html|Apache documentation on .htaccess]] \\
+[[http://httpd.apache.org/docs/2.0/howto/auth.html|Apache documentation on auth.html]] \\
+to create a new password file:
+<code>
+# htpasswd -c /var/www/passwd/passwords rbowen
+New password: mypassword
+Re-type new password: mypassword
+Adding password for user rbowen
+</code>
+to append to existing password file:
+<code>
+# htpasswd /var/www/passwd/passwords rbowen
+New password: mypassword
+Re-type new password: mypassword
+Adding password for user rbowen
+</code>
+To allow access to [[http://stackoverflow.com/questions/17867576/deny-access-to-all-folders-except-a-few-ones-using-htaccess|just specific directories]], block access the the root level.  The .htacess file in the document root should look like this:
+<code>
+# Refuse direct access to all files
+Order deny,allow
+Deny from all
+Allow from 127.0.0.1
+Allow from localhost
+Allow from 192.168.1.0/24
+</code>
+Then create an .htaccess file in whatever directories you want to allow access to:
+<code>
+Allow from all
+</code>
+[[https://www.inmotionhosting.com/support/website/redirects/setting-up-a-301-permanent-redirect-via-htaccess|Other .htaccess tricks]]
+[[https://electrictoolbox.com/apache-password-protect-allow-ip/|Use password protection but allow from IP address]]
+Example:
+  AuthUserFile /path/to/.htpasswd
+  AuthName "Restricted Access"
+  AuthType Basic
+  require user [username]
+  satisfy any
+  deny from all
+  allow from 192.168.1.
+  allow from 10.1.1.45
+  allow from 172.16.5.106