Search our site for answers
Help Docs Server Administration Linux Server Administration Apache Web Server Allowing and Denying Website Access Using .htaccess

Allowing and Denying Website Access Using .htaccess

Control website access with htaccess rules. Block or allow specific IP addresses, perfect for selective page restrictions on an open site.
LAMP Stack
3 min read

If you need to restrict access to certain pages or websites, you can use htaccess rules. You can block specific IP addresses or allow specific IP addresses. This level of control is good if you want most of your website to be accessible to everyone but have a few restricted pages. Using htaccess files to manage website access is not a replacement for using a software firewall like CSF.

This article provides instructions for both Apache 2.2 and Apache 2.4. Although Apache 2.4 still supports the old-style syntax, we recommend you use the correct syntax for your Apache version and recommend you keep Apache updated to the newest version.

This article assumes you are familiar with htaccess files and editing configuration files via htaccess command line or your server’s file manager.  Before making any changes to configuration files, we strongly recommend you take a backup of the file.

Blocking Specific IP Addresses

To block only specific IP addresses but allow other traffic through, add the following rule to your htaccess file in the directory where you are restricting access.

Apache 2.4

Require all granted
Require not ip 192.0.2.0

Replace “192.0.2.0” with the IP you need to block. You can add as many “Require not ip” lines as you want to this rule. You can also use domains instead of IP addresses by using:

Require not host example.com

Of course, use the domain of the host you’d like to block.

Apache 2.2

# allow all except those indicated here
order allow,deny
allow from all
deny from 192.0.2.0

Replace “192.0.2.0” with the IP you need to block. You can add as many “deny from” lines as you want to this rule. You can also use domains instead of IP addresses by using:

deny from .*example.com.*

Allowing Specific IP Addresses

To block all visitors except a specific IP address, add the following rule to your .htaccess file in the directory where you are restricting access.

Apache 2.4

Require ip 192.0.2.0

Replace “192.0.2.0” with the IP you want to allow. You can add as many “Require ip” lines as you need. If you’d like to display an error message to users from other IPs, you can add:

ErrorDocument 403 "Insert message text here."

Remember to replace the text with your desired error message text.

Apache 2.2

# allow IP range by CIDR number
 order deny,allow
 deny from all
 allow from 192.0.2.0

Replace “192.0.2.0” with the IP you need to block. You can add as many “allow from” lines as you want to this rule.

Now that you’ve learned how to allow and deny access based on IP Address, see how to password protect your website using .htacces in our article Using .htaccess to Password Protect Your Site in Cloud Sites.

Was this article helpful?