.htaccess: how to restrict access to a single file by IP?

Question

I've look all over, but keeps running into same info that talks about directory level IP restriction, which usually looks something like this:

Order Deny,Allow
Deny from all
Allow from 123.123.123.123

Is it possible to have same type of access restriction tied to a page/document?

score 37 · Accepted Answer · edited Feb 26 '14 at 19:46

37

This will allow either someone from IP 127.0.0.1 or logged as a valid user. Stick it either in your config or .htaccess file.

    <Files learn.php>
        Satisfy any
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1

        AuthType Basic
        AuthName "private"
        AuthUserFile /var/www/phpexperts.pro/.htpasswd
        AuthGroupFile /dev/null
        Require valid-user
    </Files>

IP Alone:

    <Files learn.php>
        Order deny,allow
        Deny from all
        Allow from 127.0.0.1
    </Files>

That definitely answers your question.

edited Feb 26 '14 at 19:46

Shawn

3,583
8
46
63

answered Aug 30 '10 at 22:08

Theodore R. Smith

21,848
12
65
91

Fastest answer response ever! – Theodore R. Smith Aug 30 '10 at 22:14
@TheodoreR.Smith : if I want to deny from one IP but allow from all others then what to write in htaccess? – sqlchild Feb 06 '14 at 15:41
Change to `Allow from all` `Deny from IP_ADDRESS`. – Theodore R. Smith Feb 07 '14 at 18:20
@TheodoreR.Smith, I tried your code but I am getting Access forbidden! from my ip address. I have to access the service.php page from my single ip. Order deny, allow Deny from all Allow from 0.0.0.0 https://prnt.sc/vtkknw – user9437856 Dec 01 '20 at 12:41

score 9 · Answer 2 · answered May 03 '12 at 12:32

9

I think the directive needs to be:

Order deny,allow

for the answer above to work (at least for the IP Alone solution).

answered May 03 '12 at 12:32

Dominic

91
1
2

How to block an organization to open my website from their PCs ? They have 10 PCs connected on LAN and they need to access my website from only 5 of their PCs and block on the other 5? How do I achieve this? – sqlchild Feb 06 '14 at 18:12

score 1 · Answer 3 · answered Jun 21 '16 at 15:28

1

Mod-rewrite based solution :

RewriteEngine on

RewriteCond %{REMOTE_ADDR} !^Y\.O\.U\.R\.IP$
RewriteRule ^file\.php$ - [F,L]

The rewriteRule above will deny all requests to file.php if client ip does not match the ip address in the RewriteCond's pattern

answered Jun 21 '16 at 15:28

Amit Verma

40,709
21
93
115

This answer is not clear to implement for many developers. – landed Aug 09 '21 at 10:34
@landed Could you please explain what's not clear in my answer? This is a mod-rewrite solution to protect a file from an ip address and it's the easiest , fastest,and safest way to do so. – Amit Verma Aug 09 '21 at 12:06

score 1 · Answer 4 · answered Sep 12 '19 at 21:59

For a more up to date Apache 2.4 example:

<Files file.html>
    Require ip 123.123.123.123
</Files>

Here are the more in depth docs for additional options and examples: https://httpd.apache.org/docs/2.4/howto/access.html and the docs for the <Files> directive: https://httpd.apache.org/docs/2.4/mod/core.html#files

Note that <Files> can be nested inside <Directory> sections to restrict the portion of the filesystem they apply to.

.htaccess: how to restrict access to a single file by IP?

4 Answers4

Linked