How to Restrict Access to your Website with .htaccess

Various methods for blocking visitors based on their IP address are demonstrated.

This can be useful for a variety of reasons, such as preventing some stupid script kiddie from harassing your site, preventing some creepy stalker loser from lurking around your forums, or even silencing the never-ending supply of angry trolls. There are so many reasons why and so many ways to stop them.

1. Block, a specific IP address

This is the one that most visitors to this page will want to use:

Deny from 123.123.123.123

Just change the IP address to the one that you want to block, and then add the code to your site’s root .htaccess file.

2. How to use .htaccess to block a domain

Denying access via links from specific domains (e.g. www.problemdomain.com) is also possible through .htaccess. The following rule will display a 403 Forbidden error to any user accessing your site from a link hosted on the targeted domain:

SetEnvIfNoCase Referer “problemdomain.com” bad_referer

Order Allow, Deny

Allow from ALL

Deny from env=bad_referer

Change the domain in the first line of the rule to target the domain you wish to block. For a more subtle approach, this rule displays a 500 Internal Server Error for anyone linking from the target domain:

RewriteEngine on

RewriteCond %{HTTP_REFERER} example\.com [NC,OR]

RewriteRule .* – [F]

3. Block multiple IP addresses

If you’ve got more than one IP address that you would like to block, you can deny them all at once:

Deny from 111.111.111.111 222.222.222.222 333.333.333.333

This will block the three specified IPs: 111.111.111.111, 222.222.222.222, and 333.333.333.333. Edit the IPs to match the ones that you want to block, and then add the line to your .htaccess file.

4. How to completely disable access to your account

1 – To prevent direct access to all files and folders on your server, create the .htaccess file in the root (top folder) of your server and add the following rule:

deny from all

2 – Then click on the Save Changes button. 

5 – How to remove access restrictions through .htaccess

If you wish to remove access restrictions from your .htaccess file, simply delete the rule from the file in cPanel File Manager’s text editor and save the file.

6 – How to block all IP addresses except specific ones

If you want to block all IP addresses except specific ones, use this rule: 

Order allow, deny

Deny from all

Allow from IP1

Allow from IP2

Hope you find this article useful for website security, incase you are looking for fully Managed Web hosting with added security make sure to take a look at WebhostUK plan and get free migration assistance.

Author – Preston