Controlling Access by Internet Address
IT Connect > Web > Publishing > Controlling Access > By Internet Address
- On This Page
- Limitations
- Allowing Access
- Denying Access
- How to Specify Addresses
- Example: Allowing Access to UW Computers
This article demonstrates how you can control access to Web pages based on computer addresses. You can grant or restrict access to individual computers or whole subdomains of computers.
Limitations
Controlling access to your Web site by computer address has some limitations:
-
It provides minimal protection - On the Internet, one computer can impersonate another computer, a practice known as "spoofing". Spoofing defeats any access control method that depends on the validity of a computer's address.
-
People move around - More and more, people using the Internet do not always use the same computer with the same address. You may not be able to predict or rely on them connecting to your Web site from a specific computer or domain.
For these reasons, try to control access to your Web site using passwords when possible.
Allowing Access
If you want to allow access to specific computers or subdomains:
- StepsActions
-
Log into your web development server using a terminal emulator. If you're not sure how to do this, click here for instructions.
-
At the prompt, enter the following command to change directories to your Web directory:
cd public_html
If you want to password protect a subdirectory rather than your whole Web site, change directories to the subdirectory you want to protect. For example:
cd private
-
At the prompt, enter the following command to create a .htaccess file in the current working directory:
pico .htaccess
-
Add the following text to this file:
order deny,allow
deny from all
allow from address -
Replace address with the address of the computer or subdomain you want to have access.
-
Add other "allow from" directives to allow access from other computers or subdomains.
-
Save the .htaccess file (in Pico use ctrl+x).
Denying Access
If you want to deny access to specific computers or subdomains:
- StepsActions
-
Log into your web development server using a terminal emulator. If you're not sure how to do this, click here for instructions.
-
At the prompt, enter the following command to change directories to your Web directory:
cd public_html
If you want to password protect a subdirectory rather than your whole Web site, change directories to the subdirectory you want to protect. For example:
cd private
-
At the prompt, enter the following command to create a .htaccess file in the current working directory:
pico .htaccess
-
Add the following text to this file:
order allow,deny
allow from all
deny from address -
Replace address with the address of the computer or subdomain you do not want to have access.
-
Add other "allow from" directives to disallow access from other computers or subdomains.
-
Save the .htaccess file (in Pico use ctrl+x).
How to Specify Addresses
You can specify computer addresses in five ways:
- StepsActions
- Use the word all to refer to all computer addresses.
- Use the complete domain name (e.g. dante.u.washington.edu) of an individual computer.
- Use a partial domain name (e.g. washington.edu) to refer to all computers within a specific domain.
- Use the complete IP address (e.g. 140.142.52.1) of an individual computer.
- Use a partial IP address (e.g. 140.142) to refer to all computers within a specific subnet.
Example: Allowing Access to UW Computers
Most computers at the University of Washington have registered domain names in the washington.edu subdomain. Therefore, the following .htaccess allows access from UW computers and denies access from all others:
order deny,allow
deny from all
allow from washington.edu
