htaccess stands Hypertext access, is a directory level configuration file for use on web servers running the Apache Web Server software. Directory level means, where we locate out .htaccess file, it configure that directory only. We can do lots of things using .htaccess, few major functionality like URL rewriting, Password protected directory, URL re-directions and much more.
Restrict users to access pages from site using .htaccess
1. Authentication to your site: In this method, first we have to create username and password for user who will access the pages. File will be save with name .htpasswd. write in .htaccess:
AuthName "My Protected Area"
AuthType - The ‘Basic’ method is implemented by mod_auth_basic which sends the password from user to server unencrypted. AuthType “Digest” is another method supported by the apache server which is implemented by mod_auth_digest.
AuthName - Text which we want to display on dialog box.
AuthUserFile - location of .htpasswd
Require valid-user - tells the server to authentication needed to access this page.
2. Authentication by IP Address: In this method we can allow or deny particular IP to access webpage.
Deny Particular IP: If you want to block the users from IP address 192.168.11.110.
Deny from 192.168.11.110
Allow Particular IP: If you want to allow the users from IP address 192.168.11.110.
Order Allow, Deny
allow from 192.168.11.110
deny from all
3. Deny users by referrer: if you want to block traffic from domain1.com and domain2.com
# Options +FollowSymlinks
RewriteCond %(HTTP_REFERRER) domain1\.com [NC, OR]
RewriteCond %(HTTP_REFERRER) domain2\.com
RewriteRule .* - [F]
Blocked referrals gives ’403 Forbidden’ error message.