1and1 Help Centre Categories

print article

Deny/Allow Access to the Website (Files)

There are many possibilities when managing who is able to view your site in a browser and what files are able to be accessed. Some options you have are to:

  • Deny all sources from viewing your website and website files.
  • Deny all sources aside from a few exceptions (such as yourself) from viewing your website and website files.
  • Allow all sources to view your website and website files (default action).
  • Allow all sources aside from a few exceptions to view your website and website files.
  • Deny all sources from viewing .jpeg files.
  • Deny all sources aside from a few exceptions (such as yourself) from viewing .jpeg files.

The default action for 1&1 hosting servers is to display all website files contained in your webspace to anyone that requests it. There are some exceptions in place for security such as the logs/ folder being inaccessible without the correct username and password. Also configuration files such as .htaccess cannot be viewed via a web browser publicly. All of this aside, anything that you upload to your webspace will be viewable to everyone.

Other Security Methods
It is possible to change permissions on files so that they are no longer readable. This meaning that such files would no longer be accessible from a web browser, but denying read permission for a file means the hosting server will not be able to read the file either which may be necessary.

You can also password protect directories from the 1&1 Control Panel to restrict access to specific folders in your webspace. This method will alter the .htaccess file to restrict access, requiring the correct user name and password in order to gain access. You could edit the .htaccess file yourself to accomplish the same result however.

Please note:
Setting up or removing a protected directory via the 1&1 Control Panel will overwrite your existing .htaccess file, so please be careful when doing this.
Examples
Please note that Error 500 pages mean that there is a problem with the .htaccess file. This can be anything from a simple spelling mistake to a syntax error. If you receive a 500 error after making a change to the .htaccess file, please double check your changes. The examples below will show you how to manage accessibility to your site via HTTP (a web browser). The following example code should be saved within a .htaccess file which is saved in your webspace, in the folder that contains your website files. The .htaccessk file is recursive meaning that settings defined in this file are applied to only the folder where it is saved and all subfolders and subfiles.

If done correctly, anyone trying to access part of your site that is not allowed should receive a 403 Forbidden page instead of the actual page.

Deny access to entire website from all sources except 192.168.0.100
Allow from 192.168.0.100
Deny from all

This is a convenient option when you are starting a website that you need to view as you work on it but do not want the site to be publicly viewable. Go to WhatIsMyIP.co.uk? to find out the IP address of your home's Internet connection. Enter your IP address in place of the 192.168.0.100 IP address. Please also note that your home IP address may change in the future and you might have to update the .htaccess file before you will be able to view the site again.
Deny access to all .html files from all sources except 192.168.0.100
<FilesMatch "\.html$">
Allow from 192.168.0.100
Deny from all
</FilesMatch>

This method will allow anyone to view all website files except for .html files. Anyone with the IP address 192.168.0.100 will be able to view the all website content since this IP address is on the allow list. Go to WhatIsMyIP.co.uk? to find out the IP address of your home's Internet connection. Enter your IP address in place of the 192.168.0.100 IP address. Please also note that your home IP address may change in the future and you might have to update the .htaccess file before you will be able to view the site again.
Deny access to all .html, .htm, .txt, .jpg, .jpeg files from all sources except 192.168.0.100 and trustedsite.com
<FilesMatch "\.(html|htm|txt|jpg|jpeg)$">
Allow from 192.168.0.100
Allow from trustedsite.com
Deny from all
</FilesMatch>

This method will allow anyone to view all website files except for .html, .htm, .txt, .jpg, .jpeg files. Anyone with the IP address 192.168.0.100 will be able to view the entire website content since this IP address is on the allow list. Go to WhatIsMyIP.co.uk? to find out the IP address of your home's Internet connection. Enter your IP address in place of the 192.168.0.100 IP address. Please also note that your home IP address may change in the future and you might have to update the .htaccess file before you will be able to view the site again.
Allows access to all website content from any source except baddomain.com and 192.168.0.100
Deny from baddomain.com
Deny from 192.168.0.100

This method will allow anyone except for baddomain.com and 192.168.0.100 to view all website files. You do not have to specify subdomains if you already have a domain listed. Denying baddomain.com will also block all subdomains of baddomain.com.
For additional information, you may want to reference: