0

I was wondering if there was a way to only allow myself to access certain pages on my website? Is there a way to do this by using my ip address? And if someone with a different ip try's to access the page they are denyed or forwarded back to my homepage, or something along those lines. Is this an htaccess issue, if so can someone give me some pointers. Thanks in advanced!

2
Contributors
1
Reply
2
Views
7 Years
Discussion Span
Last Post by edwinhermann
2

.htaccess can password protect portions of your site. If your private pages are intermingled with public pages in the same directory, you can create a .htaccess file to go in the root of your Web directory, like this:

<Files private_*>
AuthUserFile /path/to/.htpasswd
AuthName "Private"
AuthType Basic
Require valid-user
</Files>

That means that any php files beginning with "private_" (e.g. private_showusers.php, private_editaccount.php) will be password protected. Note that with AuthType set to "Basic" means that your password is sent in the clear, so it's not particularly safe unless you do it over SSL (i.e. as part of https://)

The .htpasswd file takes the format:

username:hash

where "username" is the login name (you can pick one) and "hash" is the standard unix password hash of a password. If you don't know how to use crypt() on Unix, you can use PHP as follows

<?php echo crypt("mypassword","salt"); ?>

Replace "mypassword" with your password (pick one) and replace "salt" with two random characters (e.g. 6v or dR etc).

Alternatively, you can use this online tool to do it: http://www.functions-online.com/crypt.html

The .htpasswd file should live outside of the public Web directories, but be readable by at least the Web server process.

A better way is to have all your private pages in a directory of their own (rather than mixed in with public pages in the same directory), in which case the .htaccess file would go in the root of that private directory and you can drop the <files> tags.

Alternatively, if you want to do it by IP, you can do it by PHP by adding:

<?php
if ($_SERVER["REMOTE_ADDR"] != "123.45.67.89") {
  header("Location: http://www.yoursite.com/");
  exit;
  }
?>

at the very beginning of each private page.

Note that if you're using a proxy, or if your ISP proxies your traffic for you, it will be your ISP's proxy IP that is advertised, and not your actual computer's IP address. This is less secure, because you may find other people using the same ISP will show as having the same IP address and therefore they can get access to the private sections of your site.

To find out what IP address is advertised to the remote site, visit http://www.whatismyip.com/ and it will show you what your IP address is.

Edited by edwinhermann: n/a

Votes + Comments
Very useful info.
good advice EH, learned a bit myself
This topic has been dead for over six months. Start a new discussion instead.
Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.