PHP, MySQL, Drupal, .htaccess, Robots.txt, Phponwebsites: Restrict access
Restrict access - phponwebsites.com
Showing posts with label Restrict access. Show all posts

15 Nov 2013

Restrict users to access pages from site using .htaccess

                      Someone may be misuse your information. So .htaccess can be used to restrict unwanted user for accessing your page. It can be done by number of ways, something within that.

Authentication  to your site:

                  In this method, first you have to create user name and password for user who are access your pages. File is saved with name .htpasswd. You've to store your .htpasswd file in .htpasswds folder. You can store it anywhere except in public_html.
  Syntax:
               AuthName "Anything your wish to display on dialog box"             
               AuthType Basic
               AuthUserFile /home/username/.htpasswds/.htpasswd
               Require valid-user
Now anybody try to access your cpanel, the web browser ask username and password.
      where,
                 AuthName     - what you wish to display message on dialog  box to user, when they get to access this page.
                 AuthType Basic - AuthType selects the method that is used to authenticate the user who are try to access particular page on your site. The ' Basic ' method is implemented by mod_auth_basic which sends the password from user to server unencrypted.
                 AuthType Digest is another method supported by the apache server which is implemented by mod_auth_digest.
                 AuthUserFile - where your .htpasswd file located.
                 Require valid-user - tells the server to authentication needed to access this page
You can provide authentication for particular file.
  Syntax:
               AuthUserFile /home/username/.htpasswds/.htpasswd
               AuthType Basic
               AuthName "Anything your wish to display on dialog box"             
               <Files "filename to provide authenticate">
               Require valid-user   
               </Files>
  In password protection method, you can disable it.
  Syntax:
              Require valid-user
              Allow from 127.0.0.1
              Satisfy Any

Deny users by IP Address:

              Some users may be violate your contents. So you have to protect that particular user only. It can be done by .htaccess.
  Syntax:
               order allow, deny
               deny from 192.168.1.1
               allow from all
    where,
              the browser block the users from IP 192.168.1.1
 Considered another example,
  Syntax:
               order allow, deny
               deny from 192.168.1.
               allow from all
 where, the browser block the users from IP address starts with 192.168.1.

You can allow only one user and block all users using it.
  Syntax:
               order allow, deny
               allow from 192.168.1.1
               deny from all
 where, the browser allow the user from IP address 192.168.1.1 only

Deny users by referrer:

               Considered as a example, you host a new site. you may be got referrals. /at this stage, your site have been spammed. This spam will affect the log file. It render your log files useless. We can solve it by .htaccess.
  Syntax:
              RewriteEngine On
              # Options +FollowSymlinks
              RewriteCond %(HTTP_REFERRER) example\.com [NC]
              RewriteRule .* - [F]
   where,
             RewriteEngine On - turn on the mod_rewrite.c
             Options +FollowSymlinks should be start with ' # '. Otherwise it give error message ' 500 Internal Server Error ' .
             RewriteCond %(HTTP_REFERRER) example\.com - it tells server to block traffic from example.com
             [NC] - not case sensitive

You can create multiple referrer.
  Syntax:
              RewriteEngine On
              # Options +FollowSymlinks
              RewriteCond %(HTTP_REFERRER) example\.com [NC, OR]
              RewriteCond %(HTTP_REFERRER) anotherone\.com 
              RewriteRule .* - [F]
  where,
            it says server to block traffic from example.com and anotherone.com.