.htaccess Deny from All: How to Restrict Site Access
If you’re currently testing your site or setting it to maintenance mode, you might want to restrict visitors from accessing it. You can do so by adding the deny from all command to .htaccess.
In this tutorial, we’ll show you exactly how to do it. But first, let’s take an in-depth look at the .htaccess file!
What Is .htaccess?
.htaccess stands for “Hypertext Access”, it’s a configuration file which is used by Apache-based web servers to modify the server’s behavior.
You can also utilize the file for other purposes, such as creating a password for your site, changing your site’s time zone, making a custom error page, changing the default index page or redirecting URLs. You just need to add a few commands to .htaccess to make it happen.
For example, deny from all is a command that will allow you to apply access restrictions to your site.
How to Edit the .htaccess File?
If you want to edit the .htaccess file, you should enter the root folder of your site through your hosting control panel’s file manager or an FTP client such as FileZilla.
Let’s cover how to edit an existing .htaccess file using Hostinger’s hPanel:
- Log in to the hPanel.
- Enter the File Manager, which is located under the Files section.
- Access the public_html directory.
- Look for the .htaccess file, right-click on it, and choose edit.
You can start modifying the file right away. If you can’t find the .htaccess file in the public_html directory, you can create it yourself. Just click the New File button at the top right corner of the file manager, name it .htaccess, then click Create.
How to Use .htaccess deny from all to Restrict All Access?
Since a complete restriction would apply to your IP address too, you should identify your IP address beforehand using tools like What Is My IP Address and create an exception.
Make sure that your IP address is static, not dynamic, so you wouldn’t have to change it in the .htaccess file frequently.
Now, let’s place the deny from all command in the .htaccess file. Add the following code snippet to the top of the file if you want to block all access except yours:
order allow,deny deny from all allow from IP
Replace IP with your IP address to create the exception.
Now, if you want to allow access from all IP addresses but restrict access from a specific one, you can use this format:
order allow,deny deny from UndesiredIP allow from all
Here, as in the previous example, replace UndesiredIP with the IP address you want to restrict. Make sure to save the .htaccess file to apply the changes.
If you want to block access from specific countries, check out our other article here.
Conclusion
Now you’ve learned that restricting access to your site can be done by using .htaccess with the deny from all command. Don’t forget to allow access to your own IP address!
Do you have further questions regarding the .htaccess deny from all command? Let us know in the comment section!
Edvinas is a Backend Developer at Hostinger. During his free time, he likes to play Airsoft and play music with his band.
Comments
August 11 2020
How do you setup a site password instead of the "deny access" process which keeps failing for me?
August 25 2020
Hey there Ivan! I believe what you are referring to is password protecting a directory! If you are hosting via Hostinger, we have a a nice little tutorial to achieve that right here! :)
August 14 2023
I am trying to block the website css files from being downloaded using hacking tools. But it is not working properly. Any suggestions? The css files are not accessible from anyone, ok, but it should be allowed to the website itself. RewriteEngine On # Block direct access to CSS files from external domains RewriteCond %{HTTP_REFERER} !^http://(www\.)?mydomain\.com\.br [NC] RewriteRule \.css$ - [NC,F] # Allow internal access to all files RewriteCond %{REQUEST_FILENAME} !-f RewriteRule ^ - [L] ExpiresByType text/html "access 1 month" ExpiresByType text/css "access 1 month" ExpiresByType text/javascript "access 1 month" ExpiresByType text/x-javascript "access 1 month" ExpiresByType image/jpeg "access 1 year" ExpiresByType image/jpg "access 1 year" ExpiresByType image/png "access 1 year" ExpiresByType image/svg "access 1 year" ExpiresByType image/gif "access 1 year" ExpiresByType application/pdf "access 1 month" ExpiresByType application/javascript "access 1 month" ExpiresByType application/x-javascript "access 1 month" ExpiresByType application/xhtml+xml "access 1 month" ExpiresByType application/x-shockwave-flash "access 1 month" ExpiresByType image/x-icon "access 1 year" ExpiresDefault "access 4 days"
August 18 2023
Hello there! Seems like it won't be possible via .htaccess as instructed here. However, you can enable hotlink protection as guided here.