The Apache Allow and Deny directives let you allow and deny access based on the host name, or host address, of the machine requesting a document. The Order directive goes hand-in-hand with these two, and tells Apache in which order to apply the filters. These are very useful for blocking unwanted access, or to restrict access to certain sections of the website. For example:
deny from 184.108.40.206
deny from 98.76.54.
deny from .example.com
allow from all
The above lines tell the Apache Web Server to block access from those with the IP address '220.127.116.11', or those whose IP address starts as '98.76.54.', or whose IP address resolves to .example.com. The second IP address is missing the fourth set of digits. This means any IP address which matches the firth three set of digits will be blocked. For example, '18.104.22.168' and '22.214.171.124' would both be blocked. You could also use deny from 98.76. or deny from 98., but these are less specific. Since you are throwing a larger net, you may block valid users. Be careful!
To setup blocking of all visitors except yourself (IP address 126.96.36.199):
deny from all
allow from 188.8.131.52
The above lines tell the Apache Web Server to block all visitors except those with the IP address '184.108.40.206': replace '220.127.116.11' with your own IP address. Typically you would use this to restrict access in admin areas to just you for security.
Blocked visitors will be shown a '403 Forbidden' error message. You can customize this error message by using the 'ErrorDocument' directive in the .htaccess file:
ErrorDocument 403 /error-403.html
All you have to do is to create and upload a error-403.html page to server root. Blocked users will be redirected to this page.
Last Revised: 2015-07-06