Controlling Access by Internet Address

Last updated: January 12, 2023
Audience: All UW

This article demonstrates how you can control access to Web pages based on computer addresses. You can grant or restrict access to individual computers or whole subdomains of computers.

Limitations

Controlling access to your website by computer address has some limitations:

  • It provides minimal protection – On the Internet, one computer can impersonate another computer, a practice known as “spoofing”. Spoofing defeats any access control method that depends on the validity of a computer’s address.
  • People move around – Internet users do not always use the same computer with the same address. You may not be able to predict or rely on them connecting to your website from a specific computer or domain.

For these reasons, try to control access to your website using passwords when possible.

Allowing Access

If you want to allow access to specific computers or subdomains:

  1. Log into your web development server using a terminal emulator. If you’re not sure how to do this, click here for instructions.
  2. At the prompt, enter the following command to change directories to your Web directory:

    cd public_html

    If you want to control access to a subdirectory rather than your whole website, change directories to the subdirectory you want to protect. For example:

    cd private

  3. At the prompt, enter the following command to create a .htaccess file in the current working directory:

    pico .htaccess

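  4. To allow access from the IP address 10.155.11.52 but block access from everywhere else, add the following text to this file:

    # Deny rules are evaluated first; a matching Allow rule overrides them
    order deny,allow
    deny from all
    # Set env_allow_1 when the X-Forwarded-For header starts with 10.155.11.52
    SetEnvIf X-Forwarded-For ^10\.155\.11\.52 env_allow_1
    Allow from env=env_allow_1
    Satisfy Any

  5. Replace 10.155.11.52 in the SetEnvIf line with the address of the computer or subdomain you want to have access (keep a backslash before each dot).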
  6. Add other “SetEnvIf X-Forwarded-For” and “allow from” directives to allow access from other computers or subdomains.
  7. Save the .htaccess file (in Pico use ctrl+x).

Denying Access

If you want to deny access to specific computers or subdomains:

  1. Log into your web development server using a terminal emulator. If you’re not sure how to do this, click here for instructions.
  2. At the prompt, enter the following command to change directories to your Web directory:

    cd public_html

    If you want to control access to a subdirectory rather than your whole website, change directories to the subdirectory you want to protect. For example:

    cd private

  3. At the prompt, enter the following command to create a .htaccess file in the current working directory:

    pico .htaccess

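  4. To allow access from everywhere except IP address 10.155.11.62, add the following text to this file:

    # Allow rules are evaluated first; a matching Deny rule overrides them
    order allow,deny
    allow from all
    # Set env_deny_1 when the X-Forwarded-For header starts with 10.155.11.62
    SetEnvIf X-Forwarded-For ^10\.155\.11\.62 env_deny_1
    Deny from env=env_deny_1
    Satisfy Any

  5. Replace 10.155.11.62 in the SetEnvIf line with the address of the computer or subdomain you do not want to have access (keep a backslash before each dot).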
  6. Add other “SetEnvIf X-Forwarded-For” and “deny from” directives to disallow access from other computers or subdomains.
  7. Save the .htaccess file (in Pico use ctrl+x).
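
The patterns in both procedures above are regular expressions matched against the X-Forwarded-For header, so how a pattern is anchored decides which addresses it covers. The following check is an added example, not part of the original article: `xff_matches`, the rule names and the sample file are constructed for illustration, and it assumes the header holds a single address and that the patterns use only syntax that grep -E and Apache interpret the same way.

```sh
#!/bin/sh
# Added example (not from the original article): list which
# "SetEnvIf X-Forwarded-For" rules in a .htaccess file match an address.
# Assumption: patterns use only anchors, escaped dots and literals, which
# grep -E and Apache's regex engine treat identically.

# xff_matches FILE ADDRESS -> prints the env variable of each matching rule
xff_matches() {
    awk 'tolower($1) == "setenvif" && tolower($2) == "x-forwarded-for" { print $3, $4 }' "$1" |
    while read -r pattern var; do
        if printf '%s\n' "$2" | grep -Eq -- "$pattern"; then
            printf '%s\n' "$var"
        fi
    done
}

# Constructed sample file: two ways to write "only 10.155.11.5" and two ways
# to write "every address in 10.155.11.*".
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
order deny,allow
deny from all
SetEnvIf X-Forwarded-For ^10\.155\.11\.5 host_open
SetEnvIf X-Forwarded-For ^10\.155\.11\.5$ host_anchored
SetEnvIf X-Forwarded-For ^10\.155\.11\. net_ok
SetEnvIf X-Forwarded-For ^10\.155\.11 net_open
Allow from env=host_anchored
Allow from env=net_ok
Satisfy Any
EOF

# host_open also covers 10.155.11.50-59; net_open also covers 10.155.110.* etc.
for addr in 10.155.11.5 10.155.11.52 10.155.110.7 10.155.12.5; do
    printf '%-14s %s\n' "$addr" "$(xff_matches "$sample" "$addr" | tr '\n' ' ')"
done
```

To check your own rules, call `xff_matches` with the path to your .htaccess file and each address you expect to be allowed or denied.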