using .htaccess to restrict logins

They have: 32 posts

Joined: Jun 2009

I read somewhere that by using .htaccess, it is possible to block login attempts (even with correct username and password combo) by IP address.

For example, if a site has an "admin login", I could say, only allow certain IP addresses to log into this section - even if attempts were made using the correct username and password combination?

Is this correct, and if so, how would I implement it?

Thankyou

Greg K's picture

He has: 2,145 posts

Joined: Nov 2003

Try the following in your .htaccess file:

Order Deny,Allow
Deny from all
Allow from {ip address}

ip address can be one of these:

192.168.55.34 Full ip
192.68 All IP's of 192.168.(any).(any)
192.168.55.0/255.255.0.0 network/subnet (same as above)
192.168.66.0/16 don't worry about this unless you know what it is

See http://httpd.apache.org/docs/1.3/mod/mod_access.html for more information on setting this up. Note, the examples listed on the page include the <Directory path > </Directory> which you do not need within .htaccess, as it affects the directory the file is in.

-Greg

They have: 32 posts

Joined: Jun 2009

Got it - thanks

Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.