Blocking web access via .htaccess
In this manual we will explain how to deny access to someone on our website by editing the .htaccess file.
Connect via FTP to the "/data/web/" directory and edit the ".htaccess" file.
info The ".htaccess" file is hidden. If you do not see it, you should enable the option to view hidden files in your FTP client. You may also need to create it.
Next, add the lines of code we specify according to the needs of your web page.
Deny access to a specific IP address
With this first code, you will be able to block access to a user by their specific IP address. This way, when the user wants to connect, he will be shown a 403 Forbidden error:
deny from 173.236.241.100
You may need to block an entire IP block (we do not recommend this). To do this you must leave the last octet unspecified, thus denying access to anyone with that IP in the range 173.236.241.0 to 173.236.241.255:
deny from 173.236.241.
Allow access only to a specific IP
If, on the other hand, what you need is that nobody can access your website, but you or someone must be able to see it to work on it, you can block access to all IPs except one in particular with the following code:
order deny,allow
deny from all
allow from <TU_DIRECCION_IP>
Deny access to a specific domain
With this we will make it so that anyone connecting to your site from a specific domain, for example "www.swmanuales.com", will not be able to access it. There are three ways to do this:
403 forbidden
If someone clicks on a link on swmanuals.com that redirects to your site, they will see a 403 Forbidden error:
SetEnvIfNoCase Referer "swmanuales.com" bad_referer
Order Allow,Deny
Allow from ALL
Deny from env=bad_referer
500 internal server error
A 500 Internal Server Error will be displayed to deny any web requests redirected from the swmanuales.com domain:
RewriteEngine on
RewriteCond %{HTTP_REFERER} swmanuales\.com [NC,OR]
RewriteRule .* - [F]
Redirect to google.com
This code redirects any visitor from the URL http://swmanuales.com to the URL http://www.google.com:
RewriteEngine On
RewriteCond %{HTTP_REFERER} ^http://swmanuales.com/
RewriteRule /* http://www.google.com [R,L]
Deny access to files
With this code we will deny access to any file with the extension we specify. Instead of displaying the content, you will see a 404 error.
*In the example, the code forces any file ending in .inc to give a 403 error when visited:
<Files ~ "\.inc$">
Order Allow,Deny
Deny from All
</Files>
Deny access to "hidden" files
Hidden files such as .htaccess, are those files that begin with a dot ".". These types of files are not visible to visitors.
You can recursively deny all access to all files by putting the following code at the top of your .htaccess:
RedirectMatch 403 /\..*$
Deny access to directories
If you do not have an index file in your directory, all your files are listed in a directory listing for anyone to see. Usually, we always have an "index.html or index.php" file in our service, but we may need to deny access for security reasons.
You can deny access to a particular folder or directory with the following code so that when a visitor accesses the directory list it gives a 404 Forbidden error:
Options -Indexes
Deny access to a specific directory
If you have a specific directory that you do not want users to access, you must use the following code.
We will put for example that the directory that we want to block is called "swmanuales":
RewriteEngine On
RewriteRule (^|/)swmanuales(/|$) - [F]
Deny access during a specific time of the day
This way we will deny access to our website during a specific time of the day. We can specify one or several hours.
Example, specifying not to allow access from 15:00 to 15:59:
RewriteEngine On
# Si la hora es 15 (3 PM)
RewriteCond %{TIME_HOUR} ^15$
# Negar todos los accesos
RewriteRule ^.*$ - [F,L]
Example, specifying that access is not allowed from 15:00 to 16:59 and from 6:00 to 7:00:
RewriteEngine On
# Si la hora es 3 PM o 4 PM o 6 AM
RewriteCond %{TIME_HOUR} ^15|16|06$
# Negar todos los accesos
RewriteRule ^.*$ - [F,L]