Restrict access to directory or domain by IP, using .htaccess

I don’t blah too much on this subject.
Basically, you can restrict or allow who can connect to your site or who can access specific directories using .htaccess .

Here’s the code to block one specific IP, I use 192.168.0.1 to block, you replace it with the IP you want to deny.


order allow,deny
deny from 192.168.0.1
allow from all


That is. Placed in the root of your site, the user with the IP 192.168.0.1 will not be able to access your site at all. If you place it in a specific subdirectory of your site, the user won’t access the specific subdirectory. If you want to put more IPs in your deny list, just add one more deny line for each IP.

To block by domain, replace the IP with a domain. For example:


order allow,deny
deny from .comcast.net
deny from .google.com
allow from all


If you look hard, you will observe that I put a dot in front of the domains. It has only one meaning: if you put a dot in front of the domain, all the sub-domains will be blocked. For example, in the second deny rule i said to deny everybody from google.com, including www.google.com, googlebot.google.com, finance.google.com, you get it.

And as always, we saved the world again.

Be Google’s friend: Make your URLs canonical with .htaccess

This subject is… is… well
Every second site on the net has at least one article about this subject. But to be honest, it’s good to have so many articles about this, in a way. At least people recognize they should use it. Or not.
So, what’s the fuss around the URL canonicalization? One thing only: the search engines and their hate of duplicated content. If your website is accessible both on www.example.com and the plain example.com the search engines will index both areas, they think you duplicated your content to get more positions in the search results, so they penalize your domain. Weird. They should know it’s the same website, or at least the coders should teach them that www is the same with non-www. Or at least on well-configured servers.
So, here pops Apache in and throws a resolution for the issue: the mod_rewrite engine, again. You will have to have mod_rewrite bundled into Apache and working correctly.
As always, here’s the code for those who just want to copy&paste and then the explanation for all the lines.


RewriteEngine On
RewriteCond %{HTTP_HOST} ^www\.example\.com [NC]
RewriteRule ^/(.*) http://example.com/$1 [R=301,L]


That is. Placed in a .htaccess file, it will redirect with code [301:Moved Permanently] all the queries sent to the www.domain.com to domain.com. Now let’s explain it line-by-line:

1. We switch On the mod_rewrite module, thus telling Apache we want to work with it.
2. If the hostname contains “www”, apply the rule, so this a condition
3. This last line is the rule which has to be done if the condition can be applied on the HTTP request. In our case do a 301 redirection to the non-www version of the site

That was all. Search engines are now happy, World saved again.
As always, if something is unclear, drop a comment and i answer as soon as possible.

Hotlink Protection using .htaccess made easy

This is one of the most used tricks by the webmasters who care about their allocated bandwidth. The code which controls what are domains where your images can show up is very short, 4 line that is.
As always, I provide the full code, then below it I explain everything.
To use this code, you have to have an Apache web-server with mod_rewrite correctly installed.
So, let’s see the code for those who don’t want the explanations:


RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]


Now some explanations:
The first line,

RewriteEngine on

practically tells Apache we will do something with mod_rewrite so turn it on. This line is optional if you already turned it on before in the same .htaccess where you put the above code in.
The second line,

RewriteCond %{HTTP_REFERER} !^$

this is nastier. Basically, if there is no referrer, let the image to be displayed. I guess this needs a bit of explanation. When you navigate on the internet from one site to the other, the browser always sends a “referrer” header to the host you are accessing. So, for example if you are currently on http://www.Google.com and you navigate to http://yahoo.com, the browser will send yahoo the following : “Referrer: http://www.google.com”. This header is what we use in our .htaccess to prevent hotlinking, BUT! Some antiviruses, firewalls clears this header on the clients’ side so there is no referrer at all, thus we don’t know the user browses our site, or it’s hotlinking our image on another site. Thus we just let the image to be displayed if there is no referrer.

RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?example.com [NC]

If the referrer domain is our own domain, display the image. We set: http(s)?://(www\.)?yourdomain.com, so our condition will work on HTTP, HTTPS and also on our www and non-www hostname/domain.

And the last step is to tell Apache which files to protect:

RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]

In the above case the jpg, jpeg, png and gif images will be protected. If you want to protect your Flash-files as well, put swf in the list and your movies will not display embedded in remote sites.
On our domain the php files are also protected because the Imagick examples are parsed by php codes.

I hope the above example was somewhat useful, if you need help with it, just say your problem below and will answer as soon as possible.