PHP, MySQL, Drupal, .htaccess, Robots.txt, Phponwebsites: Restrict users to access pages from site using .htaccess

15 Nov 2013

Restrict users to access pages from site using .htaccess

                      Someone may be misuse your information. So .htaccess can be used to restrict unwanted user for accessing your page. It can be done by number of ways, something within that.

Authentication  to your site:

                  In this method, first you have to create user name and password for user who are access your pages. File is saved with name .htpasswd. You've to store your .htpasswd file in .htpasswds folder. You can store it anywhere except in public_html.
  Syntax:
               AuthName "Anything your wish to display on dialog box"             
               AuthType Basic
               AuthUserFile /home/username/.htpasswds/.htpasswd
               Require valid-user
Now anybody try to access your cpanel, the web browser ask username and password.
      where,
                 AuthName     - what you wish to display message on dialog  box to user, when they get to access this page.
                 AuthType Basic - AuthType selects the method that is used to authenticate the user who are try to access particular page on your site. The ' Basic ' method is implemented by mod_auth_basic which sends the password from user to server unencrypted.
                 AuthType Digest is another method supported by the apache server which is implemented by mod_auth_digest.
                 AuthUserFile - where your .htpasswd file located.
                 Require valid-user - tells the server to authentication needed to access this page
You can provide authentication for particular file.
  Syntax:
               AuthUserFile /home/username/.htpasswds/.htpasswd
               AuthType Basic
               AuthName "Anything your wish to display on dialog box"             
               <Files "filename to provide authenticate">
               Require valid-user   
               </Files>
  In password protection method, you can disable it.
  Syntax:
              Require valid-user
              Allow from 127.0.0.1
              Satisfy Any

Deny users by IP Address:

              Some users may be violate your contents. So you have to protect that particular user only. It can be done by .htaccess.
  Syntax:
               order allow, deny
               deny from 192.168.1.1
               allow from all
    where,
              the browser block the users from IP 192.168.1.1
 Considered another example,
  Syntax:
               order allow, deny
               deny from 192.168.1.
               allow from all
 where, the browser block the users from IP address starts with 192.168.1.

You can allow only one user and block all users using it.
  Syntax:
               order allow, deny
               allow from 192.168.1.1
               deny from all
 where, the browser allow the user from IP address 192.168.1.1 only

Deny users by referrer:

               Considered as a example, you host a new site. you may be got referrals. /at this stage, your site have been spammed. This spam will affect the log file. It render your log files useless. We can solve it by .htaccess.
  Syntax:
              RewriteEngine On
              # Options +FollowSymlinks
              RewriteCond %(HTTP_REFERRER) example\.com [NC]
              RewriteRule .* - [F]
   where,
             RewriteEngine On - turn on the mod_rewrite.c
             Options +FollowSymlinks should be start with ' # '. Otherwise it give error message ' 500 Internal Server Error ' .
             RewriteCond %(HTTP_REFERRER) example\.com - it tells server to block traffic from example.com
             [NC] - not case sensitive

You can create multiple referrer.
  Syntax:
              RewriteEngine On
              # Options +FollowSymlinks
              RewriteCond %(HTTP_REFERRER) example\.com [NC, OR]
              RewriteCond %(HTTP_REFERRER) anotherone\.com 
              RewriteRule .* - [F]
  where,
            it says server to block traffic from example.com and anotherone.com.

11 comments:

  1. shall i denied access users who coming from particular browser?

    ReplyDelete
  2. How can i protect users from particular browser

    ReplyDelete
    Replies
    1. You can do it by just adding the follwing to your .htaccess file:
      RewriteCond %(HTTP_USER_AGENT) ^.*browsername.*$
      RewriteRule .* error.php [R,L]

      Delete
  3. Replies
    1. When your site is opened in particular brower, It redirects to error page. So you will get error page's output.

      Delete
  4. can i block users from particular version of browser?

    ReplyDelete
    Replies
    1. Surely you can do this. Just add the following to your .htaccess file:

      RewriteCond %(HTTP_USER_AGENT) ^.*browsername/version.*$
      RewriteRule .* error.php [R,L]

      for example,
      RewriteCond %(HTTP_USER_AGENT) ^.*chrome/10.*$
      RewriteRule .* error.php [R,L]

      Delete
  5. Thank you very much for your useful post. i get more interested to learn about .htaccess.

    ReplyDelete