CSS-Tricks

Block a Website for Everyone But You

* 11/19/2008  —  16 Comments *

by: Chris Coyier

Quick little .htaccess trick today for ya’ll. This snippet will redirect any visitor who is not at at one of the provided IP addresses. You can use as many or as few as you would like. This is just a very quick way to block access to a site for, say, everyone but you. Or, everyone but you and a few select co-workers or clients.

RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} !^71\.225\.113\.171
RewriteCond %{REMOTE_HOST} !^71\.185\.239\.212
RewriteCond %{REMOTE_HOST} !^69\.253\.223\.254
RewriteCond %{REQUEST_URI} !/comingsoon\.html$
RewriteRule .* /comingsoon.html [R=302,L]

Thanks for Brian Phillips for sending me this little trick a while back. Definitely useful! An alternative is password protecting the site, which can also be done with .htaccess.


Bookmark at Delicious Digg this! Stumble this! Submit to DesignFloat Submit to DZone Share on Reddit Bookmark on Google Bookmarks

Responses


  1. Max says:
    November 19, 2008 at 3:56 am

    Cool tip brian and chris, the password one is truly useful too, espesh when developing a site for a client.

    Reply
  2. Mike Summers says:
    November 19, 2008 at 5:58 am

    I use this technique to keep people from snooping around certain directories on my websites. Keep in mind that it only works if you have a static IP though.

    Reply
  3. Lee says:
    November 19, 2008 at 9:18 am

    Awesome. thx for the trick. i'll use it in some client stuff in the future i'm sure.

    My old trick was keeping it on a thumb drive, or not putting it online :) that keeps the site safe. ha.

    Reply
  4. Matthew Donadio says:
    November 19, 2008 at 9:47 am

    You can also do

    Order Deny,Allow
    Deny from all
    Allow from 71.225.113.171 71.185.239.212 69.253.223.254

    to lock down a whole site.

    Reply
  5. Drew Douglass says:
    November 19, 2008 at 10:53 am

    Thanks for this trick. Question though, how secure is this just by itself? I was under the impression validating by IP isnt very reliable as IP addresses can be spoofed. Am I mistaken?

    Reply
  6. pab says:
    November 20, 2008 at 1:13 am

    Cool tip guys, this will come in handy very soon

    cheers

    Reply
  7. Paul says:
    November 20, 2008 at 2:44 am

    That's nice but I think doing it in php is a lot easier.
    <?php
    $ip = $_SERVER['REMOTE_ADDR'];
    if($ip != '823.23.23.122') {
    header("Location: underconstruction.html");
    exit;
    }
    ?>

    Reply
  8. chriscoyier says:
    November 20, 2008 at 2:52 am

    Cool, thanks for sharing that technique as well Paul.

    Reply
  9. b says:
    November 20, 2008 at 4:20 am

    Right Drew, you wouldn't want to use this to secure a site. But its a handy way to redirect everyone to a coming soon or under construction page while you are working / testing on the server.

    Reply
  10. Ariyo says:
    November 20, 2008 at 6:43 am

    This is awesome, Thanx Chris

    Reply
  11. Andrew says:
    November 20, 2008 at 8:17 am

    Great tip, thanks!

    Does anyone have a link to a good tutorial on .htaccess or PHP URL rewriting? I am trying to clean up the URL's on some of my sites.

    Thanks.

    Reply
  12. fizzybunghole says:
    November 22, 2008 at 7:26 am

    … that's nice but not everyone uses PHP do they….? If you'd said "If you're using PHP…." it would have sounded less arrogant.

    Reply
  13. Matte says:
    November 24, 2008 at 10:52 am

    I find it much easier to check for a custom cookie that I can set. I just wrote a blog post about my method.

    http://notso.silent-e.com/2008/11/24/how-i-block-...

    (e)

    Reply
  14. Neill horsman says:
    December 3, 2008 at 12:46 pm

    Nice trick.
    How about the opposite.. allow any IP except for 1.

    Reply

Leave a Comment

Save time next time! (You won't have to fill out all these fields) Register | Login

Gravatar

Your Name
1/6/2009