-2

I have created a website for a company, and they want me to restrict that website to be accessible only through their company laptops, computers, and cell phones. So I want to know: is there any method for restricting a website only to assigned laptops, PCs, and mobiles?

Please help me in this regard. Thanks.

ASGM
  • 11,051
  • 1
  • 32
  • 53
Jahangir Khan
  • 1
  • 2
    They should use a VPN or similar. Searching for "intranet" might also help you. – str May 25 '13 at 19:34
  • +1, was going to ask if these computers were on the same network. If this website gives access to sensitive information, then only intranet connected devices should be able to access it. You can then block all remote connections to your website then. – Dave Chen May 25 '13 at 19:36
  • 1
    Why do people suggest using an IP blocker? I highly doubt that all computers and cell phones have a fixed IP. – str May 25 '13 at 19:37
  • no these computers will be used outside the company, even at home. or even from one country to other. but the website should be accessed any where only on these machines. – Jahangir Khan May 25 '13 at 19:50

2 Answers2

2

You can do this in 2 ways...

Secure pages using .htpasswd, provide username and passwords to the respective people and they can access the website.

Other is IP filtering, maintain a list of IP's in the database, on the very top of the root page, check the IP's, if they are in the list, than allow, else redirect them

Mr. Alien
  • 153,751
  • 34
  • 298
  • 278
  • 1
    +1 Can we has a simple example of the `htpasswd` – samayo May 25 '13 at 19:34
  • @phpNoOb Provided docs link :) – Mr. Alien May 25 '13 at 19:35
  • I wonder how safe it is to filter by IP... – gkalpak May 25 '13 at 19:36
  • @ExpertSystem It's totally safe, just to be sure, if ip's are static, that will be better – Mr. Alien May 25 '13 at 19:37
  • Totally safe ? I heard IPs can be faked easily :P – gkalpak May 25 '13 at 19:37
  • @ExpertSystem ie masking, you use a proxy, I guess it won't harm here as I've suggested htpasswd first, ip is an extra protection – Mr. Alien May 25 '13 at 19:39
  • It is not safe to filter by IP, you can bounce traffic off machines. A credential is a better mechanism. – artless noise May 25 '13 at 19:40
  • @artlessnoise `.htpasswd` is what you need to use, credentials is not the answer here as he doesn't want users to even access the web page – Mr. Alien May 25 '13 at 19:41
  • Sorry, I meant a password or your `.htpasswd` suggestion. I don't know if PHP has a particular meaning for *credential*. I am just saying that something to authenticate the user known in advance; the generic English use of credential. – artless noise May 25 '13 at 19:42
  • @artlessnoise Ya, than you need to use `.htpasswd` file, nothing can be more secure than this :) – Mr. Alien May 25 '13 at 19:43
  • My client provided me MAC addresses of the machines they are using. And he wants me to create a procedure for those MAC addresses So that the website is restricted to those machines according to its MAC addresses. Is it possible? – Jahangir Khan May 25 '13 at 20:03
  • @JahangirKhan http://stackoverflow.com/questions/1420381/how-can-i-get-the-mac-and-the-ip-address-of-a-connected-client-in-php – Mr. Alien May 25 '13 at 20:04
  • Ok thanks. At Last i want to know that is there any software that may be installed on server from where the website was uploaded, So that it will restrict the website only to assigned machines for accessing it. – Jahangir Khan May 27 '13 at 04:38
  • @JahangirKhan No software, simply use htpasswd file on your server and write the rules – Mr. Alien May 27 '13 at 05:20
0

You can allow access to all your devices based on their IP address. But you will have to know all the IPs and most IPs these days are dynamically assigned ... so they change all the time. Are your devices on the same network ?

If you know the IPs you can use a .htaccess file. 

order deny,allow
deny from all
#list of allowed ips
allow from 888.888.888.888 
allow from 999.999.999.999
allow from 000.000.000.000

Just create a .htaccess file/add those lines (changing the ips of course ) and add it in your root dir.

Iansen
  • 1,268
  • 1
  • 10
  • 14
  • What if MAC addresses are added to the directory? – Jahangir Khan May 25 '13 at 20:05
  • The MAC is not transferred in a IP packet. You can do MAC filtering only if your devices are connected to the same switch/router ... are on the same LAN. – Iansen May 25 '13 at 20:10
  • Restricting access for a certain group of devices (company devices) would require some sort of software to be installed on all of the devices that would talk to your server and receive some sort of authentication token. – Iansen May 25 '13 at 20:16