htaccess stands Hypertext access, is a directory level configuration file for use on web servers running the Apache Web Server software. Directory level means, where we locate out .htaccess file, it configure that directory only. We can do lots of things using .htaccess, few major functionality like URL rewriting, Password protected directory, URL re-directions and much more.
Restrict users to access pages from site using .htaccess
1. Authentication to your site: In this method, first we have to create username and password for user who will access the pages. File will be save with name .htpasswd. write in .htaccess:
AuthType Basic AuthName "My Protected Area" AuthUserFile /path/to/.htpasswd Require valid-user
AuthType – The ‘Basic’ method is implemented by mod_auth_basic which sends the password from user to server unencrypted. AuthType “Digest” is another method supported by the apache server which is implemented by mod_auth_digest.
AuthName – Text which we want to display on dialog box.
AuthUserFile – location of .htpasswd
Require valid-user – tells the server to authentication needed to access this page.
2. Authentication by IP Address: In this method we can allow or deny particular IP to access webpage.
Deny Particular IP: If you want to block the users from IP address 192.168.11.110.
Order Deny,Allow Deny from 192.168.11.110
Allow Particular IP: If you want to allow the users from IP address 192.168.11.110.
Order Allow, Deny allow from 192.168.11.110 deny from all
3. Deny users by referrer: if you want to block traffic from domain1.com and domain2.com
RewriteEngine On # Options +FollowSymlinks RewriteCond %(HTTP_REFERRER) domain1.com [NC, OR] RewriteCond %(HTTP_REFERRER) domain2.com RewriteRule .* - [F]
Blocked referrals gives ’403 Forbidden’ error message.