How to password-protect, Allow or Deny a visitor based on a condition. If you are having trouble getting htaccess-based password protection to work see: Troubleshooting htaccess Authentication: Getting it to work

Generate Your authentication htpasswd files with my free Online Password Generator!

| .htaccess Tutorial Index |



Require password for 1 file only

<Files login.php>
AuthName "htaccess password prompt"
AuthType Basic
AuthUserFile /home/askapache.com/.htpasswd
Require valid-user
</Files>

Protect multiple files:

<FilesMatch "^(exec|env|doit|phpinfo|w)\.*$">
AuthName "htaccess password prompt"
AuthUserFile /.htpasswd
AuthType basic
Require valid-user
</FilesMatch>

Using the Apache Allow Directive in htaccess

network/netmask pair

Allow from 10.1.0.0/255.255.0.0

IP address

Allow from 10.1.2.3

More than 1 IP address

Allow from 192.168.1.104 192.168.1.205

Partial IP addresses, first 1 to 3 bytes of IP, for subnet restriction

Allow from 10.1
Allow from 10 172.20 192.168.2

network/nnn CIDR specification

Allow from 10.1.0.0/16

IPv6 addresses and subnets

Allow from 2001:db8::a00:20ff:fea7:ccea
Allow from 2001:db8::a00:20ff:fea7:ccea/10

Deny subdomains

Order Allow,Deny
Allow from apache.org
Deny from wireshark.apache.org

Allow from IP without password prompt, and also allow from any address with password prompt

AuthName "htaccess password prompt"
AuthUserFile /home/askapache.com/.htpasswd
AuthType Basic
Require valid-user
Allow from 172.17.10.1
Satisfy Any

Skeleton .htaccess file to start with

I use this when I start a new site, and uncomment or delete parts of the file depending on the sites needs

Ultimate htaccess file sample

#
#            DEFAULT SETTINGS
#
Options +ExecCGI -Indexes
DirectoryIndex index.php index.html index.htm
 
ErrorDocument 400 /cgi-bin/error.php
ErrorDocument 401 /cgi-bin/error.php
ErrorDocument 403 /cgi-bin/forbidden.cgi
ErrorDocument 404 /404.html
ErrorDocument 405 /cgi-bin/error.php
ErrorDocument 406 /cgi-bin/error.php
ErrorDocument 409 /cgi-bin/error.php
ErrorDocument 413 /cgi-bin/error.php
ErrorDocument 414 /cgi-bin/error.php
ErrorDocument 500 /cgi-bin/error.php
ErrorDocument 501 /cgi-bin/error.php
 
### DEFAULTS
ServerSignature Off
 
AddType video/x-flv .flv
AddType application/x-shockwave-flash .swf
AddType image/x-icon .ico
 
AddDefaultCharset UTF-8
AddLanguage en-US .html .htm .txt .xml .php
 
SetEnv TZ America/Indianapolis
SetEnv SERVER_ADMIN webmaster@askapache.com
 
### PHPINI-CGI
#AddHandler php-cgi .php
#Action php-cgi /cgi-bin/php5.cgi
 
### FAST-CGI
#AddHandler fastcgi-script .fcg .fcgi .fpl
#AddHandler php5-fastcgi .php
#Action php5-fastcgi /cgi-bin/fastcgi.fcgi
 
#
#           HEADERS and CACHING
#
# 1 YEAR
<FilesMatch "\.(flv|ico|pdf)$">
Header set Cache-Control "max-age=29030400, public"
</FilesMatch>
 
# 1 WEEK
<FilesMatch "\.(jpg|jpeg|png|gif|swf)$">
Header set Cache-Control "max-age=604800, public"
</FilesMatch>
 
# 3 HOUR
<FilesMatch "\.(txt|xml|js|css)$">
Header set Cache-Control "max-age=10800"
</FilesMatch>
 
# 1 MIN
<FilesMatch "\.(html|htm|php)$">
Header set Cache-Control "max-age=0, private, no-store, no-cache, must-revalidate"
Header set P3P "policyref=\"/w3c/p3p.xml\", CP=\"NOI DSP COR NID CUR ADM DEV OUR BUS\""
Header set imagetoolbar "no"
</FilesMatch>
 
#
#          REWRITES AND REDIRECTS
#
### SEO REDIRECTS
#Redirect 301 /ssl-ns.html /2006/htaccess/apache-ssl-in-htaccess-examples.html
#Redirect 301 /ht.tml 
#Redirect 301 /index.html /
#RedirectMatch 301 /2006/htaccess-forum/(.*) /2006/htaccess/$1
#RedirectMatch 301 /(.*)rfc2616(.*) http://rfc.askapache.com/rfc2616/rfc2616.html
#RedirectMatch 301 /phpmanual(.*) /manual/en/$1
 
### REWRITES
RewriteEngine On
RewriteBase /
 
### WORDPRESS
#<IfModule mod_rewrite.c>
#RewriteEngine On
#RewriteBase /
#RewriteCond %{REQUEST_FILENAME} !-f
#RewriteCond %{REQUEST_FILENAME} !-d
#RewriteRule . /index.php [L]
#</IfModule>
 
### REQUIRE WWW
#RewriteCond %{HTTP_HOST} !^www\.askapache\.com$ [NC]
#RewriteRule ^(.*)$ /$1 [R=301,L] 
 
### STOP LOOP CODE
#RewriteCond %{ENV:REDIRECT_STATUS} 200
#RewriteRule ^.*$ - [L]
 
### REDIRECT BLOG FEED TO FEEDBURNER
#RewriteCond %{HTTP_USER_AGENT} !^.*(FeedBurner|FeedValidator|Recent) [NC] 
#RewriteRule ^feed/?.*$ http://feeds.feedburner.com/apache/htaccess [L,R=302]
 
### BLOCK WGET
#RewriteCond %{HTTP_USER_AGENT} ^Wget.* [NC]
#RewriteRule .* /cgi-bin/forbidden.cgi [L] 
 
#
#           AUTHENTICATION 
#
### BASIC PASSWORD PROTECTION
#AuthName "Prompt"
#AuthUserFile /home/askapache.com/.htpasswd
#AuthType basic
#Require valid-user
 
### UNDER CONSTRUCTION PROTECTION
#AuthName "Under Development"
#AuthUserFile /home/askapache.com/.htpasswd
#AuthType basic
#Require valid-user
#Order Deny,Allow
#Deny from all
#Allow from 23.23.23.1 w3.org googlebot.com google.com google-analytics.com
#Satisfy Any

htaccess Guide Sections

| .htaccess Tutorial Index |



Related Articles