Using htaccess block access to a range of URLs except for my IP address

byronyasgur picture byronyasgur · Apr 30, 2014 · Viewed 8.9k times · Source

How can I block a range or URL's for all but my IP address.

So ...

Allow http://mydomain.com/* to all users

Block http://mydomain.com/thisdirectoryandallcontents/* to all but my IP

I found some code from another site which might work but I don't have the htaccess skills to adapt it

Options +FollowSymlinks
RewriteEngine on

#urls to exclude
RewriteCond %{REQUEST_URI} !/url-to-exclude-1$
RewriteCond %{REQUEST_URI} !/url-to-exclude-2$
RewriteCond %{REQUEST_URI} !^/images$
RewriteCond %{REQUEST_URI} !^/css$
RewriteCond %{REQUEST_URI} !^/$

#ip to allow access
RewriteCond %{REMOTE_HOST} !^11\.11\.11\.11$

#send to root
RewriteRule .? /http://www.mydomain.com [R=302,L]

Answer

meberhard picture meberhard · Apr 30, 2014

I have a similar requirement and do basically the same when I put my page (or a part) on maintenance. The content of the htaccess file looks like this:

Options +FollowSymlinks
RewriteEngine on
RewriteCond %{REQUEST_URI} /thisdirectoryandallcontents
RewriteCond %{REMOTE_ADDR} !=111.111.111.111
RewriteRule ^.*$ /maintenance.php [R=302,L]

I will explain it step by step according to your requirements:

  1. Every user should be able to access the homepage http://mydomain.com/ - cool, no configuration needed.
  2. The first RewriteCond checks, if the request lies within the folder /thisdirectoryandallcontents.
  3. The second RewriteCond checks, if the IP address is any other then 111.111.111.111 (here you have to write your IP address).
  4. If both of the conditions apply, we redirect the user to /maintenance.php. Here I usually output a message to the user, that the page is currently under maintenance. You could display a message, that the user doesn't have access to /thisdirectoryandallcontents. Instead of redirecting the user to the maintenance page, you could also redirect him to the home page if you wish to.