Restricting directory access might be one of the most frequently used .htaccess techniques out there. As a site grows, there always are some areas that you don’t want visitors to look at such as merchandise warehouse where you store digital products for sale.
You want a programmed server-side script to serve the download after confirming payment instead of risking the users downloading them directly from the directory without paying you.
To deny all requests for the restricted directory or folder, prepare a .htaccess text file in that directory and put the following directive in it:
deny from all
Allow and enable access from certain IP
Say you have a permanent IP and you want to administer the site via /admin and protect the directory from the rest of the world once ‘n’ for all, then you will want the following .htaccess directives:
order deny, allow deny from all allow from 188.8.131.52
Wherein 184.108.40.206 is your IP.
Or if you have an IP range for an entire country, you can allow visits to your site from that particular country only with this technique.
Or if you are operating the site from LAN you can allow only LAN IP to access certain directories such as /admin:
order deny, allow deny from all allow from 192.168.0
Disallow and deny access from certain IP
You get the idea. To allow all visits except from a few identified spam bots, just reverse the deny and allow order like this:
order allow, deny # 220.127.116.11 is a bad bot here deny from 18.104.22.168 allow from all
You should also read:
- 12 Most Used .htaccess Examples, Tips – Commands & Directives
- .htaccess: Directory Listing – Enable Web Directory Browsing & Indexing
- Use robots.txt Disallow directive to forbid spiders and search engine robots
- Set Expiration or Expiring Time by mod_expires.c on Apache via .htaccess to Reduce Web Page Loading Time
- PHP: open_basedir in php.ini to Restrict and Limit PHP File Accesses to a Certain Directory