Q: Restricting domains from web directory (Answered, 5 out of 5 stars, 0 Comments)
Question  
Subject: Restricting domains from web directory
Category: Computers > Internet
Asked by: jhabley-ga
List Price: $10.00
Posted: 05 Jan 2004 15:00 PST
Expires: 04 Feb 2004 15:00 PST
Question ID: 293435
I have my site hosted on a hosting company's servers. I have a
directory in that site, let's call it  www.mysite.com/safe/notsafe/   
I'd like to restrict access to the "notsafe" directory. Ideally, I'd
like to only permit web access if the requesting browser comes from
one of a list of permissible domain names (namely, my work and my
home).

I know one can restrict an ENTIRE site's traffic by using .htaccess in
the root directory, but (a) I don't think I can use htaccess to
restrict certain directories (I may be wrong here).... (b) I'm never
quite sure if htaccess should reside in the root of my
publicly-accessible web root or its parent.... (c) I tried muddling
with htaccess and accidentally wiped out my FrontPage extensions.

Is there a way I can restrict access to one directory to only certain
accessing domains?
Answer  
Subject: Re: Restricting domains from web directory
Answered By: aditya2k-ga on 06 Jan 2004 01:14 PST
Rated: 5 out of 5 stars
 
Hi jhabley-ga,

Good day and thanks for your question.

To answer (a), you can use htaccess to restrict directories, even webpages.

First determine which IP addresses you wish to grant or deny access
to. IP addresses can be given either in numeric format or by hostname.

Next create a file called .htaccess in the directory that you wish to
limit access to. This access restriction will affect all files and
subdirectories under this directory. In the file .htaccess, add the
following lines:

<limit get post>
order deny allow
deny from xxx.xxx.xxx.xxx
allow from xxx.xxx.xxx.xxx
</limit>

If you want to block access to your pages from a particular IP, then
add the line deny from xxx.xxx.xxx.xxx, replacing xxx.xxx.xxx.xxx with
the actual IP address. If you want to grant access to a certain IP
address then you would add the line allow from xxx.xxx.xxx.xxx,
replacing xxx.xxx.xxx.xxx with the actual IP address for each IP
address. Order is important here! All lines starting with DENY must
come before any line starting with ALLOW.
It is possible to use "wildcards" when specifying IP addresses. For
example, .edu will match any machine whose hostname ends with .edu,
while 128.8. will match any machine whose IP address starts with 128.8.
I hope this answered your question. If you have any clarifications,
please don't hesitate to ask.

Thank you for using this service and have a nice day

Regards,
aditya2k.

Request for Answer Clarification by jhabley-ga on 06 Jan 2004 09:33 PST
Thanks - a question... is it possible for me to wildcard it so that it
denies everyone except two or three specific domain names?

For instance, would this work?

limit get post>
order deny allow
deny from *
allow from permitted_domain.com
</limit>

Request for Answer Clarification by jhabley-ga on 06 Jan 2004 09:39 PST
Incidentally, I'm getting this error when I upload a  .htaccess  file
(using wsftp to upload in ASCII mode):

"Premature end of script headers:" 
This will usually follow any error messages sent out by a program. By
default, all error messages (messages which are sent to stderr) go to
the error log file.
This indicates that the program failed to return a valid
"Content-type" string to the server. This is usually because the
program is a script which failed to compile or because of the fact
that stdout is buffered by default. If this is a Perl script, try
adding "$| = 1;" to the top of the program.
"Illegal character \015 (carriage return)" 
This indicates that the CGI program is a Perl script which was
incorrectly uploaded to the server with "BINARY" transfer mode, after
being developed and/or edited on a non-UNIX machine (any platform
which uses more than just one character to indicate an end-of-line
state). To fix this problem, resend the script to the server after
setting your FTP client to use "ASCII" transfer mode. In this mode,
the server will translate the file such that it contains just the one
character, making it valid on UNIX machines.

P.S. I did indeed include an open   <   in the code -- the example I gave above...

Clarification of Answer by aditya2k-ga on 06 Jan 2004 10:52 PST
For your first clarification,

You don't have to specify the deny from *.
The moment you specify 'allow from', it allows access only to those domains.
To deny all IPs, the syntax would be "deny from all".

As far as your second clarification is concerned, try recreating the
file using notepad, and don't use the Tab key. Also, make sure there
are no lines at the beginning or end of the file.

I also hope you're uploading a 'full' htaccess file which includes the
parts before <limit get post>

Request for Answer Clarification by jhabley-ga on 06 Jan 2004 10:58 PST
Thanks -- So, let me see if I have it right.

1. If I only use an "allow from permitted.com" between the <limit>
tags, ONLY that domain can access it? I don't need to use a DENY FROM
to keep all others out, and should omit that line entirely?

2. Does it block only HTTP access, or ALL access (i.e. FTP, FrontPage).

 > I also hope you're uploading a 'full' htaccess file which includes the
 > parts before <limit get post>

Hmmmm... nope, just what you put. What should the other items in that file be?

Request for Answer Clarification by jhabley-ga on 06 Jan 2004 14:23 PST
Helloooo?... ;)

Clarification of Answer by aditya2k-ga on 06 Jan 2004 19:14 PST
Sorry for taking time... my ISP had some connectivity issues, and I was
cut off from the net for most of the day.

For security, you should not upload the htpasswd file to a directory
that is web accessible (yoursite.com/.htpasswd); it should be placed
above your www root directory. You'll be specifying the location to it
later on, so be sure you know where you put it. Also, this file, as
with htaccess, should be uploaded as ASCII and not BINARY.

Create a new htaccess file and place the following code in it:

AuthUserFile /usr/local/you/safedir/.htpasswd
AuthGroupFile /dev/null
AuthName EnterPassword
AuthType Basic

require user wsabstract

The first line is the full server path to your htpasswd file. If you
have installed scripts on your server, you should be familiar with
this. Please note that this is not a URL, this is a server path. Also
note that if you place this htaccess file in your root directory, it
will password protect your entire site, which probably isn't your
exact goal.

The second to last line require user is where you enter the username
of those who you want to have access to that portion of your site.
Note that using this will allow only that specific user to be able to
access that directory. This applies if you had an htpasswd file that
had multiple users set up in it and you wanted each one to have access
to an individual directory. If you wanted the entire list of users to
have access to that directory, you would replace Require user xxx with
require valid-user.

The AuthName is the name of the area you want to access. It could be
anything, such as "EnterPassword". You can change the name of this
'realm' to whatever you want, within reason.


After those lines, you should place the <limit get post> onwards lines.

For great resources on .htpasswd, visit
http://httpd.apache.org/docs/howto/htaccess.html
http://www.javascriptkit.com/howto/htaccess.shtml
http://apache-server.com/tutorials/ATusing-htaccess.html


Cheers,
aditya2k

Request for Answer Clarification by jhabley-ga on 07 Jan 2004 08:34 PST
Hi - thanks for the additional info. The problem is, as I mentioned
I'm on a hosted server. In other words, I only have access to the root
of my shared directory which contains a few system-related files and a
big HTML directory which is public.

What I'm after is the text I would need to put in a  .htaccess  file
which I would drop into the directory I need to restrict.

Request for Answer Clarification by jhabley-ga on 07 Jan 2004 08:48 PST
Also, your posting seemed to talk about htpasswd and forcing passwords
on people. That's not what I'm after. I'm trying to block all access
from specific domains to a specific directory. In other words, I only
want people coming from 123.com and 456.com to have access to pages in
the www.mysite.com/secretdirectory/

When I upload this htaccess file (ASCII mode):

    <limit get post>
    order deny allow
    deny from all
    allow from 123.com
    allow from 456.com
    </limit>

...I get the CGI error I posted earlier.

Clarification of Answer by aditya2k-ga on 07 Jan 2004 10:02 PST
OK... here is what the file should be:

<Limit GET POST> 
order allow,deny 
allow from .123.com .456.com
</Limit> 

If this returns the same CGI error, then I need to know
(a) What your webhost's server is running (which OS)
(b) Browser you used when you got that error. Try using different
browsers. Sometimes, that error crops up on Mozilla.
jhabley-ga rated this answer: 5 out of 5 stars
That worked, thanks. :) The CGI error must have been a problem with the syntax.
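
Added example (not part of the original thread, and not Apache's own code): a simplified model of the documented Order/Allow/Deny evaluation, showing which clients the configurations discussed above admit, what happens when no rule matches, and how request methods not named in <Limit> are treated. The function names, the sample clients and the ALLOW_ONLY and NO_LIMIT variants are assumptions made for illustration.

```python
# Added example: simplified model of Apache Order/Allow/Deny; names are hypothetical.
def spec_matches(spec, host, ip):
    """True if one Allow/Deny argument matches the client."""
    spec = spec.lower()
    if spec == "all":
        return True
    if spec.replace(".", "").isdigit():        # full or partial IP, e.g. "128.8."
        prefix = spec.rstrip(".")
        return ip == prefix or ip.startswith(prefix + ".")
    host = (host or "").lower()                # None: reverse DNS gave no name
    if host == spec:
        return True
    # Only whole labels match, so "123.com" does not admit "evil123.com".
    return host.endswith(spec if spec.startswith(".") else "." + spec)

def allowed(cfg, host, ip, method="GET"):
    """Decide one request under cfg; nothing else restricts access in this model."""
    limit = cfg.get("limit")                   # methods named in <Limit ...>, or None
    if limit is not None:
        covered = {m.upper() for m in limit}
        if "GET" in covered:
            covered.add("HEAD")                # a GET limit also applies to HEAD
        if method.upper() not in covered:
            return True                        # enclosed directives have no effect
    hit_allow = any(spec_matches(s, host, ip) for s in cfg.get("allow", []))
    hit_deny = any(spec_matches(s, host, ip) for s in cfg.get("deny", []))
    if cfg["order"] == "allow,deny":           # default deny; a Deny match wins
        return hit_allow and not hit_deny
    return hit_allow or not hit_deny           # deny,allow: default allow; Allow wins

# Constructed configs; 123.com and 456.com are the thread's placeholder domains.
FINAL = {"limit": ["GET", "POST"], "order": "allow,deny",
         "allow": [".123.com", ".456.com"]}
ALLOW_ONLY = {"order": "deny,allow", "allow": [".123.com"]}
NO_LIMIT = {"order": "deny,allow", "deny": ["all"], "allow": [".123.com", ".456.com"]}

# Constructed clients: (reverse-DNS name or None, IP from documentation ranges).
CLIENTS = [("pc.123.com", "192.0.2.10"), ("host.example.net", "198.51.100.7"),
           (None, "203.0.113.5")]

def decision_table(method="GET"):
    """Map (config name, host, ip) -> allowed? for the sample configs and clients."""
    cfgs = {"FINAL": FINAL, "ALLOW_ONLY": ALLOW_ONLY, "NO_LIMIT": NO_LIMIT}
    return {(name, host, ip): allowed(cfg, host, ip, method)
            for name, cfg in cfgs.items() for host, ip in CLIENTS}

if __name__ == "__main__":
    for m in ("GET", "OPTIONS"):
        print(m, decision_table(m))
```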
