Controlling Access by Internet Address

Summary

This article demonstrates how you can control access to Web pages based on computer addresses. You can grant or restrict access to individual computers or whole subdomains of computers.

Included on this page:

• Limitations
• Allowing Access
• Denying Access
• How to Specify Addresses
• Example: Allowing Access to UW Computers

Limitations

Controlling access to your Web site by computer address has some limitations:

• It provides minimal protection - On the Internet, one computer can impersonate another computer, a practice known as "spoofing". Spoofing defeats any access control method that depends on the validity of a computer's address.

• People move around - More and more, people using the Internet do not always use the same computer with the same address. You may not be able to predict or rely on them connecting to your Web site from a specific computer or domain.

For these reasons, try to control access to your Web site using passwords when possible.

Allowing Access

If you want to allow access to specific computers or subdomains:

1. Log in to your Homer, Dante, or Shell.MyUW.net account.

2. Press the O key for Other, then press the W key to drop into the Web development environment.

3. At the prompt, enter the following command to change directories to your Web directory:

   cd public_html

   If you want to password protect a subdirectory rather than your whole Web site, change directories to the subdirectory you want to protect. For example:

   cd private

4. At the prompt, enter the following command to create a .htaccess file in the current working directory:

   pico .htaccess

5. Add the following text to this file:

   order deny,allow
   deny from all
   allow from <address>

6. Replace <address> with the address of the computer or subdomain you want to have access.

7. Add other "allow from" directives to allow access from other computers or subdomains.

8. Save the .htaccess file (in Pico use ^X).

Denying Access

If you want to deny access to specific computers or subdomains:

1. Log in to your Homer, Dante, or Shell.MyUW.net account.

2. Press the O key for Other.

3. Press the W key to drop into the Web development environment.

4. At the prompt, enter the following command to change directories to your Web directory:

   cd public_html

   If you want to password protect a subdirectory rather than your whole Web site, change directories to the subdirectory you want to protect. For example:

   cd private

5. At the prompt, enter the following command to create a .htaccess file in the current working directory:

   pico .htaccess

6. Add the following text to this file:

   order allow,deny
   allow from all
   deny from <address>

7. Replace <address> with the address of the computer or subdomain you do not want to have access.

8. Add other "allow from" directives to disallow access from other computers or subdomains.

9. Save the .htaccess file (in Pico use ^X).

How to Specify Addresses

You can specify computer addresses in five ways:

1. Use the word all to refer to all computer addresses.
2. Use the complete domain name (e.g. dante.u.washington.edu) of an individual computer.
3. Use a partial domain name (e.g. washington.edu) to refer to all computers within a specific domain.
4. Use the complete IP address (e.g. 140.142.52.1) of an individual computer.
5. Use a partial IP address (e.g. 140.142) to refer to all computers within a specific subnet.

Example: Allowing Access to UW Computers

Most computers at the University of Washington have registered domain names in the washington.edu subdomain. Therefore, the following .htaccess allows access from UW computers and denies access from all others:

order deny,allow
deny from all
allow from washington.edu

UW Technology
help@u.washington.edu
Modified: October 22, 2007