Restrict by IP Address or Hostname-Computing Services - Carnegie Mellon University

Restrict by IP Address or Hostname

The .htaccess file is a text file. Follow these steps to create the file and restrict access to all or part of your web site.

  1. First, you must follow instructions provided in the Using Authenticated Publishing document to configure your collection for KWPublish (authenticated publishing). Once you've configured your collection, test publish and have someone else test publish the collection to be sure that you have configured it correctly.
  2. Launch a text editor and save a file called .htaccess in the directory that you want to restrict access to.

    Note: If you want to restrict access to your entire site, store the .htaccess file in the top level of your www directory. If you want to allow access to the top level, store the file in a sub-directory of your www directory to restrict access only to that sub-directory.
  3. Enter syntax similar to the following:
    <limit GET OPTIONS>
    deny from variablename
    allow from variablename

    where variablename is equal to the variables you want to set. Use the notes and examples below to determine the correct syntax.
  4. Once the .htaccess file contains the correct syntax, you need to save it WITHOUT the file extension; UserWeb, which is a UNIX server, does not recognize file extensions.

    For example, if using Notepad to create the file, select File > Save As. Enter the name as .htaccess. In the Save as type: pull down menu, select All Files. Click Save.
  5. FTP the .htaccess file to the appropriate level of the www collection and republish using KWPublish.

IP Address Syntax: Notes and Examples

This limitation can be defined by full/partial IP address or by full/partial domain name. In either case, you'll need to use the deny and allow directives along with the IP address or domain name.

deny from variablename


This directive defines who cannot access or is "denied" access to the web pages; variablename is the full/partial IP address or domain name to be denied.

allow from variablename


Likewise, this directive defines who can access the web pages. Again, variablename is the full/partial IP address or domain name to be allowed access.

Important: Be aware that, by default, deny directives are evaluated before allow directives regardless of the order in which they appear in the .htaccess file.

In the example below, access is denied to all users and then allowed to those using a 128.2 IP address or within the domain.
deny from all
allow from 128.2.
allow from

Last Updated: 3/12/12