As a website administrator, you may often want to allow access only to specific users. For example, you might want to restrict access to an internal site that contains company-only information or to a test environment. In such cases, utilizing the web server configuration file “.htaccess” can be very useful.
Using the “Require” directive in .htaccess, you can set up basic authentication, redirects, and more. In this article, we will introduce a method to restrict website access so that only specific IP addresses can connect.
While .htaccess is often used to block malicious IP addresses, if you have a fixed IP address, you can configure it so that only that IP address can access the website. This allows you to create a website that can only be accessed from within a company with a fixed IP address.
What is .htaccess?
.htaccess is a configuration file used on web servers such as Apache. By using this file, you can control website access, redirect URLs, and apply various other settings. Even without programming knowledge, you can achieve many functionalities with simple syntax, making it a powerful tool for website administrators.
Basic access restriction: “Require all denied” and “Require all granted”
When setting up access restrictions, the two most fundamental commands to know are “Require all denied” and “Require all granted.”
Deny all access: Require all denied
If you write “Require all denied” in the .htaccess file, access from all users will be denied. This is the basic setting when you want to allow access only to specific users.
By adding the following to your .htaccess file, you can block all access to your website:
Require all denied
Allow all access: Require all granted
Conversely, if you write “Require all granted,” access will be allowed for all users. This is the default state for most websites.
To allow all access, use the following:
Require all granted
Allow access only from specific IP addresses: Require ip
Another important access restriction method is to allow access only from specific IP addresses. This is useful for creating an internal site that can only be accessed from within a company.
Add the following to your .htaccess file:
Require ip XXX.XX.XXX.XXX
“XXX.XX.XXX.XXX” represents the IP address. If you want to allow multiple IP addresses, add multiple lines of “Require ip XXX.XX.XXX.XXX” and replace “XXX.XX.XXX.XXX” with the desired IP addresses.
Require ip XXX.XX.XXX.XXX
Require ip XXX.XX.XXX.XX2
Practical example: A site accessible only from specific IPs
By combining these commands, you can create a website that can only be accessed from specific IP addresses.
To implement this, write the following in your .htaccess file:
Require all denied
Require ip XXX.XX.XXX.XXX
With this configuration, all access is initially denied, and then access is permitted only for the specified IP address.
Conclusion
By using .htaccess, you can finely control access to your website. This feature is useful in various scenarios, such as improving security and providing information to specific user groups. Take this opportunity to master .htaccess configuration!
※ If you choose to use this method, please do so at your own risk.
