.htaccess Simple Protection

.htaccess files can be used for many things: redirects, password protection, and so on. However, there are two things that some people do not know about .htaccess files. The first is that you can allow only certain IP addresses to connect to certain areas of the site. The second is that if you do not set your .htaccess file up correctly, you may have some serious security flaws down the road.

Having the ability to deny all IP addresses except your own from reaching a specific page can be very handy if you are using a program such as WordPress to host your blog or a Wikigroup. (Note that this works with anything that has an admin page; it could be a form or your own PHP login or admin setup.)

Here is the code to insert into your .htaccess file.

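AuthUserFile /dev/null
AuthGroupFile /dev/null
AuthName "Access Control"
AuthType Basic
# No <Limit GET> wrapper: it would restrict only GET (and HEAD) and leave
# POST and other methods open. Unwrapped, the rules apply to every method.
order deny,allow
deny from all
# Whitelist home IP address (example address; replace with your own)
allow from 203.0.113.213
# Whitelist home2 IP address
allow from 172.19.2.13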

The second setup is required so that people cannot view your .htaccess file directly from their browser. Blocking direct reads of the file keeps your access rules hidden from visitors, which makes the site more secure.

Here is the code to place in your .htaccess file.

<Files .htaccess>
order allow,deny
deny from all
</Files>
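
The checker below is an added example, not code from the original post. It scans the text of an .htaccess file for mistakes that silently weaken the two rules described above: a <Limit> section that covers only some methods, a malformed Order argument, an "allow from" address that is invalid or private, and a missing <Files .htaccess> deny block. The function name audit_htaccess and the sample input are constructed for illustration.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ORDER_OK = ("allow,deny", "deny,allow", "mutual-failure")

# Constructed sample input containing the mistakes the checks below look for.
SAMPLE = """\
<Limit GET>
order deny.allow
deny from all
allow from 72.91.345.213
allow from 172.19.2.13
</Limit>
"""

def audit_htaccess(text):
    """Return (line_number, message) findings; line 0 means file-level."""
    findings, in_self_block, protects_self = [], False, False
    for n, raw in enumerate(text.splitlines(), 1):
        low = raw.strip().lower()
        # <Limit> covers only the listed methods; others (e.g. POST) pass.
        m = re.match(r"<limit\s+([^>]*)>", low)
        if m:
            findings.append((n, "<Limit %s> leaves other methods open" % m.group(1).upper()))
        # Order takes one comma-separated keyword pair, no dots or spaces.
        if low.startswith("order ") and low.split(None, 1)[1] not in ORDER_OK:
            findings.append((n, "malformed Order argument"))
        if low.startswith("allow from "):
            for tok in raw.split()[2:]:
                if not re.fullmatch(r"\d+(\.\d+){3}", tok):
                    continue  # hostnames and CIDR ranges are not checked here
                try:
                    ip = ipaddress.IPv4Address(tok)
                except ValueError:
                    findings.append((n, "invalid IPv4 address " + tok))
                    continue
                if any(ip in net for net in RFC1918):
                    findings.append((n, "private address " + tok))
        # Look for a <Files .htaccess> block that contains "deny from all".
        if re.match(r'<files\s+"?\.htaccess"?\s*>', low):
            in_self_block = True
        elif low.startswith("</files"):
            in_self_block = False
        elif in_self_block and low == "deny from all":
            protects_self = True
    if not protects_self:
        findings.append((0, "no <Files .htaccess> deny block"))
    return findings
```

A private address in an allow rule only matches visitors on the same network as the server, so it is reported for review instead of being treated as an error.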

By: Caleb Jonasson
