Forum Topic: File protection by IP

Forum: .htaccess Forum : Security • Posted by Lloyd Spencer • Updated:


I have been using the following code to protect a number of files on my wordpress installation, specifically /wp-admin, register, login php etc.

However since reading the book I wanted to check if I should have a $ sign at the end of the full ip address?

The first 3 IP’s are to cater for an IP range, the last should be a whole IP address.

RewriteCond %{REQUEST_URI} wp\-register\.php
RewriteCond %{REMOTE_ADDR} !^1\.28\.
RewriteCond %{REMOTE_ADDR} !^1\.24\.
RewriteCond %{REMOTE_ADDR} !^1\.31\.
RewriteCond %{REMOTE_ADDR} !^01\.151\.123\.201
RewriteRule ^(.*)$ [R,L]

The above represents what I currently have, I have just changed the IP addresses.


2 Replies to “File protection by IP”

Posted by Jeff Starr

Great question. The $ denotes the end of a pattern-match. If appended to !^01\.151\.123\.201, then literally only one IP address will be matched. If excluded, then any IP that begins with may be matched.

Chances are slim that any matching IPs will visit your site in the latter case, but it is possible. The safe way to go is to include the $ just to be sure. Ultimately however, it all depends on which IPs exactly you want to match.

Posted by Lloyd Spencer •

Thank you very much, that answered my question perfectly!

Have a great day,