Restrict Access to Web Site Q

Stingray

Is it possible to restrict access to a web site based on IP addresses? The scenario would be DENY ALL and then depending on the browsers known IP address allow access? I think it can be done but not sure, if it can what are the 'technical' terms/areas where these allowed IP addresses should be placed?

I know everything can be compromised, but is this a relatively easy way for an unauthorised person to gain access?

Thanks

zAbbo

.htaccess will do this

http://home.golden.net/htaccess.html
http://htaccessfile.com/htaccess-allow-ip-addresses
http://www.webmasterworld.com/apache/3290788.htm

Stingray

Just three follow up's on this,

1) the IP address I would look to use to allow access would be the "broadband IP" not the specific localised PC IP address. So any PC/laptop that plugs in using the Broadband IP line would have access etc. Is httaccess the same thing here?

2) httaccess looks relatively simple, is all that is required a small piece of code at the start of each web page's code, detailing the the allowed IP addresses? eg

order deny,allow
deny from all
allow from 12.345.67.890
allow from 890.67.345.12
allow from 234.23.54.65
etc etc

3) Does 2 above slow down significantly the web refresh eg if there was 10-20 allow IP's?

Thanks

zAbbo

You could setup a dynamic dns with your broadband, some routers allow that, and you can use an application to do this on a local machine.

That way you're allowing a hostname, and not IP

Bob_Harris

Stingray wrote: »

1) the IP address I would look like(?) to use to allow access would be the "broadband IP" not the specific localised PC IP address. So any PC/laptop that plugs in using the Broadband IP line would have access etc. Is httaccess the same thing here?

Not too sure of the question here.

Each customer to an Internet Provider has their own unique IP address. If you allow this address that and only that person will have access. If that person has a home network set up everyone connected to that home network will have access, because they all use the same external IP address.

You can use wild cards to specify a range of IP addresses, and restrict access to specific countries etc.

Stingray wrote: »

2) httaccess looks relatively simple, is all that is required a small piece of code at the start of each web page's code, detailing the the allowed IP addresses? eg

Htaccess commands are placed in a ".htaccess" file which sits on the root your directory on the web server, and can also sit in subdirectories on the web server if needed.

htaccess is specific to the Apache web server, but I think there are equivalents for other servers, like Windows Server. So you need to know what web server is running.

Stingray wrote: »

3) Does 2 above slow down significantly the web refresh eg if there was 10-20 allow IP's?
Thanks

No slowdown.

mneylon

Stingray wrote: »

Just three follow up's on this,

1) the IP address I would look to use to allow access would be the "broadband IP" not the specific localised PC IP address. So any PC/laptop that plugs in using the Broadband IP line would have access etc. Is httaccess the same thing here?

Any computer accessing the internet from a specific broadband connection would share the same public IP. (assuming that they don't have more than one public IP)

Stingray wrote: »

2) httaccess looks relatively simple, is all that is required a small piece of code at the start of each web page's code, detailing the the allowed IP addresses? eg

order deny,allow
deny from all
allow from 12.345.67.890
allow from 890.67.345.12
allow from 234.23.54.65
etc etc

No.

The .htaccess is a separate file that you would upload to your site's public web directory.

FYI - it will only work on Linux / Apache, so if the site in question is hosted on Windows with IIS you will need to find a different solution

Stingray wrote: »

3) Does 2 above slow down significantly the web refresh eg if there was 10-20 allow IP's?

Thanks

It shouldn't have much impact.

Stingray

Thanks everyone for the replies, just trying to tease out a basic understanding.

The public IP address is what I have in mind, in that, that would be the key access, so to speak. What happens though if the PC has its own internal IP address detailed, will browsing to eg. www.abc.ie allow this PC access if the htacess file only lists its public IP?

With hosting, do all the Irish 'hosters' allow you to host on Linux/Apache (so I can use .htaccess? Or are they all Windows based? To abide by board rules I'm not looking for recommendations, just the knowledge that they can provide it

Thanks

daymobrew

Stingray wrote: »

The public IP address is what I have in mind, in that, that would be the key access, so to speak. What happens though if the PC has its own internal IP address detailed, will browsing to eg. www.abc.ie allow this PC access if the htacess file only lists its public IP?

Go to http://www.whatismyip.com/ to see the public IP address. This is the one you will list in your .htaccess file.
The 'internal' IP address is the one allocated by your router/modem - it is generally something like 192.168.1.100. You can see it in Windows by running 'ipconfig' from the command line. I get:

$ ipconfig

Windows IP Configuration

Wireless LAN adapter Wireless Network Connection:

   IPv4 Address. . . . . . . . . . . : 192.168.1.102

Stingray wrote: »

With hosting, do all the Irish 'hosters' allow you to host on Linux/Apache (so I can use .htaccess? Or are they all Windows based? To abide by board rules I'm not looking for recommendations, just the knowledge that they can provide it

Most provide both.