htaccess access to file by ip range

How to allow access to file only to use开发者_开发问答rs with ip which are in a range of ip addresses?

For example file admin.php. and range from 0.0.0.0 to 1.2.3.4.

I need configure access to only ONE file not to directory.

Just add a FilesMatch or Files directive to limit it to a specific script.

The following would block acces to all scripts ending in "admin.php" :

<FilesMatch "admin\.php$">
    Order deny,allow
    Deny from all
    Allow from 10.0.0.0/24
</FilesMatch>

The following would ONLY block admin.php :

<Files "admin.php">
    Order deny,allow
    Deny from all
    Allow from 10.0.0.0/24
</Files>

For more information refer to the apache docs on Configuration Sections.

check the man page of the Allow Directive

Order Deny,Allow
Deny from all
Allow from 10.1.0.0/255.255.0.0

A partial IP address

Example:

Allow from 10.1
Allow from 10 172.20 192.168.2

The first 1 to 3 bytes of an IP address, for subnet restriction.

A network/netmask pair

Example:

Allow from 10.1.0.0/255.255.0.0

A network a.b.c.d, and a netmask w.x.y.z. For more fine-grained subnet restriction.

A network/nnn CIDR specification

Example:

Allow from 10.1.0.0/16

Similar to the previous case, except the netmask consists of nnn high-order 1 bits.

You cannot match an IP range with allow, but you can emulate it with a CIDR notation:

Order allow,deny

# 0.0.0.0 - 0.255.255.255.255
Allow from 0.0.0.0/8

# 1.0.0.0 - 1.1.255.255
Allow from 1.0.0.0/15

# 1.2.0.0 - 1.2.1.255
Allow from 1.2.0.0/23

# 1.2.2.0 - 1.2.2.255
Allow from 1.2.2.0/24

# 1.2.3.0 - 1.2.3.3
Allow from 1.2.3.0/30

# 1.2.3.4
Allow from 1.2.3.4

Just do this for a single IP:

<Limit GET POST>
order deny,allow
deny from all
allow from 1.2.3.4
</Limit>

If you want to do it for a range like 10.x.x.x, then do this:

<Limit GET POST> 
order allow,deny 
allow from 10
deny from all
</LIMIT>

If you are using WordPress, then the Best and Simplest method is to install the plugin - LionScripts : WordPress IP Blocker from their website http://www.lionscripts.com/ip-address-blocker

Their Professional version has much more features like country blocking and IP range blocking, bulk csv uploading etc.

if you to provide a wildcard 0.0.255.255

Order allow,deny
# 1.2.0.0 - 1.2.255.255
Allow from 1.2.0.0/16

This will give a range from 1.2.0.1 - 1.2.255.254

you can also check here

I wanted to redirect all but cetain Ip's to a maintenance page - our IPs all on same network - The following worked based on shamitomar's answer above :

# TEMP MAINTENANCE PAGE
# MAINTENANCE-PAGE REDIRECT
<IfModule mod_rewrite.c>
 RewriteEngine on
# One address that is on a diffrent network
 RewriteCond %{REMOTE_ADDR} !^xxx\.xxx\.xxx\.xxx
#allow all addresses from our network
 RewriteCond %{REMOTE_ADDR} !^xx\.xxx

#Stuff to allow so that we can show our maintenance page while we work
 RewriteCond %{REQUEST_FILENAME} !(styles|images).+$
 RewriteCond %{REQUEST_URI} !maintenance.html$ [NC]
 RewriteCond %{REQUEST_URI} !\.(jpe?g?|png|gif|js|css|ttf|woff) [NC] 
 RewriteRule .* /maintenance.html [R=302,L]
</IfModule>

Order Deny,Allow
Deny from all
Allow from 311.311.311 322.322.322.322

See answer here