> For the complete documentation index, see [llms.txt](https://docs.glesys.com/llms.txt). Markdown versions of documentation pages are available by appending `.md` to page URLs; this page is available as [Markdown](https://docs.glesys.com/products/compute/guides-for-server-management/access-controls-in-apache.md).

# Access controls in Apache

***

Here, we'll focus on managing access using a `.htaccess` file. Every virtual host on a machine has its own `.htaccess` file.

However, for the `.htaccess` file to have any effect regarding access control, the Apache server needs to have `AllowOverride AuthConfig` in the virtual host's configuration. For example, this can look like below:

<pre data-title="Example vhost configuration, AllowOverride is highlighted"><code>&#x3C;VirtualHost *:443>
        ServerName my-test.site
        ServerAdmin webmaster@my-test.site
        DocumentRoot /var/www/my-test.site

        &#x3C;Directory /var/www/my-test.site>
            Options Indexes FollowSymLinks
<strong>            AllowOverride AuthConfig
</strong>            Require all granted
        &#x3C;/Directory>
        
        Include /etc/letsencrypt/options-ssl-apache.conf
        SSLCertificateFile /etc/letsencrypt/live/my-test.site/fullchain.pem
        SSLCertificateKeyFile /etc/letsencrypt/live/my-test.site/privkey.pem
&#x3C;/VirtualHost>
</code></pre>

Once the `AllowOverride` directive is in place, you can start limiting access through a `.htacess` file.

## Protecting a directory with a username and a password

First, create a password file:

{% code title="Command" %}

```
htpasswd -c /usr/local/apache/passwd/passwords exampleuser
```

{% endcode %}

Add the following to a `.htaccess` file in the virtual host's document root:

{% code title=".htaccess" %}

```
AuthType Basic
AuthName "Restricted Files"
AuthBasicProvider file
AuthUserFile /usr/local/apache/passwd/passwords
Require user exampleuser
```

{% endcode %}

Now, when someone tries to access the files in this virtual host's document root, they'll be prompted to enter a username and password.

### Combining a username with the directive "Satisfy any"

Something that isn’t as widely known is the Apache directive **Satisfy any**. If you add the following to the above `.htaccess` file:

{% code title="Addition to the .htaccess file" %}

```
Order allow,deny
Allow from 2a02:750:dead:beaf::/64
Satisfy any
```

{% endcode %}

...you change the behavior from requiring a password to requiring that the user either originates from `2a02:750:dead:beaf::/64` **or** provides a username.

With this setup, for example, a developer can access the website without entering a password (if they originate from `2a02:750:dead:beaf::/64`), while the site remains inaccessible to regular users. If the developer wants to access the site from outside of `2a02:750:dead:beaf::/64` they can still do that using the username/password.

## Blocking IP address

To only allow access from two specific IP addresses, edit the `.htaccess` file to only contain the content below:

{% code title=".htaccess" %}

```
Order Allow,Deny
Allow from 192.168.0.1
Allow from 192.168.1.2
```

{% endcode %}

We can also turn it around: block only those two IP addresses while allowing everything else. This example is, in other words, the complete opposite of the above example:

{% code title=".htaccess" %}

```
Order Deny,Allow
Deny from 192.168.0.1
Deny from 192.168.1.2
```

{% endcode %}

## More information

There is additional information about the `.htaccess` file available on Apache's website: <https://httpd.apache.org/docs/current/howto/htaccess.html>


---

# Agent Instructions
This documentation is published with GitBook. GitBook is the documentation platform designed so that both humans and AI agents can read, navigate, and reason over technical content effectively. Learn more at gitbook.com.

## Querying This Documentation
If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.glesys.com/products/compute/guides-for-server-management/access-controls-in-apache.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.