Using the Apache Allow Directive in htaccess

Allow network/netmask pair

Order deny,allow Deny from all Allow from 10.1.0.0/255.255.0.0

Allow IP address

Order deny,allow Deny from all Allow from 10.1.2.3

Allow More than 1 IP address

Order deny,allow Deny from all Allow from 192.168.1.104 192.168.1.205

Allow Partial IP addresses, first 1 to 3 bytes of IP, for subnet restriction

Order deny,allow Deny from all Allow from 10.1 Allow from 10 172.20 192.168.2

Allow network/nnn CIDR specification

Order deny,allow Deny from all Allow from 10.1.0.0/16

Allow IPv6 addresses and subnets

Order deny,allow Deny from all Allow from 2001:db8::a00:20ff:fea7:ccea Allow from 2001:db8::a00:20ff:fea7:ccea/10

Skeleton .htaccess file

I use this when I start a new site, and uncomment or delete parts of the file depending on the sites needs

# # DEFAULT SETTINGS # Options +ExecCGI -Indexes DirectoryIndex index.php index.html index.htm ErrorDocument 400 /cgi-bin/error.php ErrorDocument 401 /cgi-bin/error.php ErrorDocument 403 /cgi-bin/forbidden.cgi ErrorDocument 404 /404.html ErrorDocument 405 /cgi-bin/error.php ErrorDocument 406 /cgi-bin/error.php ErrorDocument 409 /cgi-bin/error.php ErrorDocument 413 /cgi-bin/error.php ErrorDocument 414 /cgi-bin/error.php ErrorDocument 500 /cgi-bin/error.php ErrorDocument 501 /cgi-bin/error.php ### DEFAULTS ServerSignature Off AddType video/x-flv .flv AddType application/x-shockwave-flash .swf AddType image/x-icon .ico AddDefaultCharset UTF-8 AddLanguage en-US .html .htm .txt .xml .php SetEnv TZ America/Las_Vegas SetEnv SERVER_ADMIN webmaster@askapache.com ### PHPINI-CGI #AddHandler php-cgi .php #Action php-cgi /cgi-bin/php5.cgi ### FAST-CGI #AddHandler fastcgi-script .fcg .fcgi .fpl #AddHandler php5-fastcgi .php #Action php5-fastcgi /cgi-bin/fastcgi.fcgi # # HEADERS and CACHING # # 1 YEAR Header set Cache-Control "max-age=29030400, public" # 1 WEEK Header set Cache-Control "max-age=604800, public" # 3 HOUR Header set Cache-Control "max-age=10800" # 1 MIN Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate" Header set P3P "policyref="/w3c/p3p.xml", CP="NOI DSP COR NID CUR ADM DEV OUR BUS"" Header set imagetoolbar "no" # # REWRITES AND REDIRECTS # ### SEO REDIRECTS #Redirect 301 /ssl-ns.html /2006/htaccess/apache-ssl-in-htaccess-examples.html #Redirect 301 /ht.tml #Redirect 301 /index.html / #RedirectMatch 301 /2006/htaccess-forum/(.*) /2006/htaccess/$1 #RedirectMatch 301 /(.*)rfc2616(.*) http://rfc.askapache.com/rfc2616/rfc2616.html #RedirectMatch 301 /phpmanual(.*) /manual/en/$1 ### REWRITES RewriteEngine On RewriteBase / ### WORDPRESS # #RewriteEngine On #RewriteBase / #RewriteCond %{REQUEST_FILENAME} !-f #RewriteCond %{REQUEST_FILENAME} !-d #RewriteRule . /index.php [L] # ### REQUIRE WWW #RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC] #RewriteRule ^(.*)$ /$1 [R=301,L] ### STOP LOOP CODE #RewriteCond %{ENV:REDIRECT_STATUS} 200 #RewriteRule ^.*$ - [L] ### REDIRECT BLOG FEED TO FEEDBURNER #RewriteCond %{HTTP_USER_AGENT} !^.*(FeedBurner|FeedValidator|Recent) [NC] #RewriteRule ^feed/?.*$ http://feeds.feedburner.com/apache/htaccess [L,R=302] ### BLOCK WGET #RewriteCond %{HTTP_USER_AGENT} ^Wget.* [NC] #RewriteRule .* /cgi-bin/forbidden.cgi [L] # # AUTHENTICATION # ### BASIC PASSWORD PROTECTION #AuthName "Prompt" #AuthUserFile /web/askapache.com/.htpasswd #AuthType basic #Require valid-user ### UNDER CONSTRUCTION PROTECTION #AuthName "Under Development" #AuthUserFile /web/askapache.com/.htpasswd #AuthType basic #Require valid-user #Order Deny,Allow #Deny from all #Allow from 23.23.23.1 w3.org googlebot.com google.com google-analytics.com #Satisfy Any

Apache Authentication in htaccess - AskApache

Charles Torvalds

10 Apr 2007

Require password for 1 file only

Protect multiple files: