There are a lot of ways to protect and lock down subdomains, folders, and even specific files. The preferred, reliable, and easiest way to do this is using .htaccess
and .htpasswd
files.
Block All, Except IPs you set
Order Deny,Allow Deny from all Allow from 111.222.333.444 # Single IP Allow from 111.222.333.0/99 # Range from .0 to .99
Set a Username and Password
To set a login and block everything else on a folder or subdomain, you need two files.
.htaccess
tells us what type of Authentication and where to look for it.
.htpasswd
stores the username and password the .htaccess
looks for. It can also store multiples if you want to give users their own unique login.
.htaccess file:
AuthType Basic AuthName "Protected" AuthUserFile /my/path/to/.htpasswd Require valid-user
.htpasswd file:
here is an example of username: user, password: password
user:$apr1$ZuZXm5r4$UqiQ7QOz.kc47U/HTVNWa0
You’ll need to generate your password for these, I recommend the generator from htaccesstools.com
Further Reading
You can do a lot with .htaccess
, if you want to dive deeper here are some links: