===== Apache .htaccess files and Allowing from IP Address =====
[[http://httpd.apache.org/docs/2.0/howto/htaccess.html|Apache documentation on .htaccess]] \\
[[http://httpd.apache.org/docs/2.0/howto/auth.html|Apache documentation on auth.html]] \\

to create a new password file:
<code>
# htpasswd -c /var/www/passwd/passwords rbowen
New password: mypassword
Re-type new password: mypassword
Adding password for user rbowen
</code>

to append to existing password file:
<code>
# htpasswd /var/www/passwd/passwords rbowen
New password: mypassword
Re-type new password: mypassword
Adding password for user rbowen
</code>

To allow access to [[http://stackoverflow.com/questions/17867576/deny-access-to-all-folders-except-a-few-ones-using-htaccess|just specific directories]], block access the the root level.  The .htacess file in the document root should look like this:
<code>
# Refuse direct access to all files
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from localhost
Allow from 192.168.1.0/24
</code>
Then create an .htaccess file in whatever directories you want to allow access to:
<code>
Allow from all
</code>

[[https://www.inmotionhosting.com/support/website/redirects/setting-up-a-301-permanent-redirect-via-htaccess|Other .htaccess tricks]]

[[https://electrictoolbox.com/apache-password-protect-allow-ip/|Use password protection but allow from IP address]]

Example:

  AuthUserFile /path/to/.htpasswd
  AuthName "Restricted Access"
  AuthType Basic
  require user [username]
  satisfy any
  deny from all
  allow from 192.168.1.
  allow from 10.1.1.45
  allow from 172.16.5.106