CODEWITHSUNDEEP
phpapache.htaccesssecurity
Anar Bayramov
Anar Bayramov

Reputation: 11584

.htaccess instead of username password protection

I am just coding a small website with an admin panel. Since I am going to be the only one who will access that panel I was thinking instead of making traditional username - password matching just make simple .htaccess file to admin folder as 

 <Limit GET POST>
 order deny,allow
 deny from all
 allow from myip
 allow from 127.0.01
</Limit>

So the question is since my ip is static. This kind of protection will be secure or do I have to do it with username - password matching ?

Also if the idea is logical but .htaccess needs more additions what would they be ?

Upvotes: 0

Views: 224

Answers (3)

cEz
cEz

Reputation: 5062

Restricting by IP is a perfectly valid alternative to protecting with a password, but less flexible for access.

If you use SSL then you could implement SSLRequire to make things more flexible whilst still "password-less" (note issue with threaded MPM).

However, for the small amount of effort that it would take to implement password protection using HTTP authentication I would argue that you should be as secure as possible. Even if it is a personal website, it can still be hijacked and used to send SPAM, etc.

Upvotes: 3

Alex Pliutau
Alex Pliutau

Reputation: 21957

What about order?

order deny,allow
deny from all
allow from 127.0.0.1

Upvotes: 1

Boynux
Boynux

Reputation: 6222

Syntax is like this:

<Limit GET POST>
 order deny,allow
 deny from all
 allow from 1.2.3.4
 allow from 127.0.01
</Limit>

It should be secure but keep in mind that if some one from the same server tries to access you web pages then with 127.0.0.1 IP it is no longer protects your pages.

Upvotes: 1

Related Questions