using .htaccess to restrict logins
I read somewhere that by using .htaccess, it is possible to block login attempts (even with correct username and password combo) by IP address.
For example, if a site has an "admin login", I could say, only allow certain IP addresses to log into this section - even if attempts were made using the correct username and password combination?
Is this correct, and if so, how would I implement it?
Thankyou
Greg K posted this at 15:10 — 25th July 2009.
He has: 2,145 posts
Joined: Nov 2003
Try the following in your .htaccess file:
Order Deny,Allow
Deny from all
Allow from {ip address}
ip address can be one of these:
192.168.55.34 Full ip
192.68 All IP's of 192.168.(any).(any)
192.168.55.0/255.255.0.0 network/subnet (same as above)
192.168.66.0/16 don't worry about this unless you know what it is
See http://httpd.apache.org/docs/1.3/mod/mod_access.html for more information on setting this up. Note, the examples listed on the page include the <Directory path > </Directory> which you do not need within .htaccess, as it affects the directory the file is in.
-Greg
benjy posted this at 16:13 — 25th July 2009.
They have: 32 posts
Joined: Jun 2009
Got it - thanks
Want to join the discussion? Create an account or log in if you already have one. Joining is fast, free and painless! We’ll even whisk you back here when you’ve finished.