Forum Topic: File protection by IP

Forum: .htaccess Forum : Security • Posted by Lloyd Spencer • Updated: Sunday, October 18th, 2015 @ 10:45 pm

Hello,

I have been using the following code to protect a number of files on my wordpress installation, specifically /wp-admin, register, login php etc.

However since reading the book I wanted to check if I should have a $ sign at the end of the full ip address?

The first 3 IP’s are to cater for an IP range, the last should be a whole IP address.

RewriteCond %{REQUEST_URI} wp\-register\.php
RewriteCond %{REMOTE_ADDR} !^1\.28\.
RewriteCond %{REMOTE_ADDR} !^1\.24\.
RewriteCond %{REMOTE_ADDR} !^1\.31\.
RewriteCond %{REMOTE_ADDR} !^01\.151\.123\.201
RewriteRule ^(.*)$ http://example.com/ [R,L]

The above represents what I currently have, I have just changed the IP addresses.

Thanks!!

2 Replies to “File protection by IP”

Posted by Jeff Starr • Wednesday, May 22nd, 2013

Great question. The $ denotes the end of a pattern-match. If appended to !^01\.151\.123\.201, then literally only one IP address will be matched. If excluded, then any IP that begins with 01.151.123.201 may be matched.

Chances are slim that any matching IPs will visit your site in the latter case, but it is possible. The safe way to go is to include the $ just to be sure. Ultimately however, it all depends on which IPs exactly you want to match.

Posted by Lloyd Spencer • Thursday, May 23rd, 2013

Thank you very much, that answered my question perfectly!

Have a great day,

Lloyd

← Redirecting with ?=lang on the end

Looking for a simple Mobile redirect →

.htaccess made easy

improve security & performance

Forum Topic: File protection by IP

2 Replies to “File protection by IP”