Grow your CSS skills. Land your dream job.

Block a Website for Everyone But You

Published by Chris Coyier

Quick little .htaccess trick today for ya'll. This snippet will redirect any visitor who is not at at one of the provided IP addresses. You can use as many or as few as you would like. This is just a very quick way to block access to a site for, say, everyone but you. Or, everyone but you and a few select co-workers or clients.

RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_HOST} !^71\.225\.113\.171
RewriteCond %{REMOTE_HOST} !^71\.185\.239\.212
RewriteCond %{REMOTE_HOST} !^69\.253\.223\.254
RewriteCond %{REQUEST_URI} !/comingsoon\.html$
RewriteRule .* /comingsoon.html [R=302,L]

Thanks for Brian Phillips for sending me this little trick a while back. Definitely useful! An alternative is password protecting the site, which can also be done with .htaccess.

Comments

  1. Permalink to comment#

    Cool tip brian and chris, the password one is truly useful too, espesh when developing a site for a client.

  2. Mike Summers
    Permalink to comment#

    I use this technique to keep people from snooping around certain directories on my websites. Keep in mind that it only works if you have a static IP though.

  3. Permalink to comment#

    Awesome. thx for the trick. i'll use it in some client stuff in the future i'm sure.

    My old trick was keeping it on a thumb drive, or not putting it online :) that keeps the site safe. ha.

  4. Matthew Donadio
    Permalink to comment#

    You can also do

    Order Deny,Allow
    Deny from all
    Allow from 71.225.113.171 71.185.239.212 69.253.223.254

    to lock down a whole site.

  5. Thanks for this trick. Question though, how secure is this just by itself? I was under the impression validating by IP isnt very reliable as IP addresses can be spoofed. Am I mistaken?

  6. Permalink to comment#

    Cool tip guys, this will come in handy very soon

    cheers

  7. Paul
    Permalink to comment#

    That's nice but I think doing it in php is a lot easier.
    <?php
    $ip = $_SERVER['REMOTE_ADDR'];
    if($ip != '823.23.23.122') {
    header("Location: underconstruction.html");
    exit;
    }
    ?>

  8. Cool, thanks for sharing that technique as well Paul.

  9. b
    Permalink to comment#

    Right Drew, you wouldn't want to use this to secure a site. But its a handy way to redirect everyone to a coming soon or under construction page while you are working / testing on the server.

  10. Permalink to comment#

    This is awesome, Thanx Chris

  11. Andrew
    Permalink to comment#

    Great tip, thanks!

    Does anyone have a link to a good tutorial on .htaccess or PHP URL rewriting? I am trying to clean up the URL's on some of my sites.

    Thanks.

  12. fizzybunghole
    Permalink to comment#

    … that's nice but not everyone uses PHP do they….? If you'd said "If you're using PHP…." it would have sounded less arrogant.

  13. Permalink to comment#

    I find it much easier to check for a custom cookie that I can set. I just wrote a blog post about my method.

    http://notso.silent-e.com/2008/11/24/how-i-block-

    (e)

  14. Nice trick.
    How about the opposite.. allow any IP except for 1.

  15. Malik M Nasir Awan
    Permalink to comment#

    Paul Your trick is great Its easily understandable
    Thanks for knowledge share

This comment thread is closed. If you have important information to share, you can always contact me.

*May or may not contain any actual "CSS" or "Tricks".