Controlling Access by Internet Address

This article demonstrates how you can control access to Web pages based on computer addresses. You can grant or restrict access to individual computers or whole subdomains of computers.

Limitations

Controlling access to your website by computer address has some limitations:

  • It provides minimal protection - On the Internet, one computer can impersonate another computer, a practice known as "spoofing". Spoofing defeats any access control method that depends on the validity of a computer's address.

  • People move around - Internet users do not always use the same computer with the same address. You may not be able to predict or rely on them connecting to your website from a specific computer or domain.

For these reasons, try to control access to your website using passwords when possible.

Allowing Access

If you want to allow access to specific computers or subdomains:

  1. Log into your web development server using a terminal emulator. If you're not sure how to do this, click here for instructions.

  2. At the prompt, enter the following command to change directories to your Web directory:

    cd public_html

    If you want to password protect a subdirectory rather than your whole website, change directories to the subdirectory you want to protect. For example:

    cd private

  3. At the prompt, enter the following command to create a .htaccess file in the current working directory:

    pico .htaccess

  4. Add the following text to this file:

    order deny,allow
    deny from all
    allow from address

  5. Replace address with the address of the computer or subdomain you want to have access.

  6. Add other "allow from" directives to allow access from other computers or subdomains.

  7. Save the .htaccess file (in Pico use ctrl+x).

Denying Access

If you want to deny access to specific computers or subdomains:

  1. Log into your web development server using a terminal emulator. If you're not sure how to do this, click here for instructions.

  2. At the prompt, enter the following command to change directories to your Web directory:

    cd public_html

    If you want to password protect a subdirectory rather than your whole website, change directories to the subdirectory you want to protect. For example:

    cd private

  3. At the prompt, enter the following command to create a .htaccess file in the current working directory:

    pico .htaccess

  4. Add the following text to this file:

    order allow,deny
    allow from all
    deny from address

  5. Replace address with the address of the computer or subdomain you do not want to have access.

  6. Add other "allow from" directives to disallow access from other computers or subdomains.

  7. Save the .htaccess file (in Pico use ctrl+x).

How to Specify Addresses

You can specify computer addresses in five ways:

  1. Use the word all to refer to all computer addresses.
  2. Use the complete domain name (e.g. dante.u.washington.edu) of an individual computer.
  3. Use a partial domain name (e.g. washington.edu) to refer to all computers within a specific domain.
  4. Use the complete IP address (e.g. 140.142.52.1) of an individual computer.
  5. Use a partial IP address (e.g. 140.142) to refer to all computers within a specific subnet.

Example: Allowing Access to UW Computers

Most computers at the University of Washington have registered domain names in the washington.edu and uw.edu subdomains. Therefore, the following .htaccess allows access from UW computers and denies access from all others:

order deny,allow
deny from all
allow from washington.edu
allow from uw.edu

Last modified: June 21, 2013