block access of a website from other computers using same ip - linux

I need to make a website secure so that only me and 2 other collegues in the office can access it. For that the first step i did is to block the access of all other ips except the office ip via creating an .htaccess file as follows
# ALLOW USER BY IP
<Limit GET POST>
order deny,allow
deny from all
allow from 2.59.42.32
</Limit>
# PREVENT VIEWING OF .HTACCESS
<Files .htaccess>
order allow,deny
deny from all
</Files>
Now there are 30 other computers + other phone devices which has all the same ip. How can i block all the 27 computers and all devices to access this website? any idea?
Note: The website has a password for signing in. but I need to make it extra secure so that the password is not misused by the employees who have them. There is a possibility that the employees (to whom access is granted) can share it with other collegues.
Possible solutions:
I get an email of other computer names if they sign in?
I get a notification via email that more than 3 members are online?

You can set up SSL on the web server and authenticate to it using a certificate that only exists on that particular machine.
You can see this link

Related

Make public domain name only accessible from internal network

I bought a domain name from 1and1 but would like it to only be accessible for people connected to our company's internal network. Is it possible to continue letting 1and1 host the domain while also preventing access to the website unless connected to company network?
To Make public domain name only accessible from internal network, you can place a .htaccess at the root of your host with a 403 Error for All but your company network IP (xx.xx.xx.xx).
order deny,allow
deny from all
allow from xx.xx.xx.xx
To go further and make it cleaner, you should also redirect unwanted users to a public page with this line below the previous code:
ErrorDocument 403 http://example.com

.htaccess allow deny some ip and allow from my site

i have a video file that want to block from viewing from other sites (so users can watch it just from my website) but i want also to allow some ips that can access it from everywhere
So to allow just some ips i use
order deny,allow
deny from all
allow from 111.111.111.111
allow from 111.111.111.112
...
it works great but i want also to allow all users that play video in my website
www.example.com
so can i exclude my website from deny from all, so if user visit it from mysite those rules will not work for him

Can attacker circumvent a htaccess 'deny from all' command

I applied an htaccess file to the /administrator directory of a joomla website that is supposed to whitelist only my local ip address and my public ip address .
However, it appears that a new user account was created within that joomla account a couple of months after I applied the white list.
Order deny,allow
Deny from all
Allow from 127.0.0.1
Allow from 77.##.##.###
Can someone offer a theory on how this is possible?
Users can be created via front-end, even if you don't have a registration link or form there. Registration might be accessed by going to: index.php?option=com_users&view=registration
You can disable this option in Joomla back-end. To do so go to: System -> Global Configuration -> Users Manager and turn Allow User Registration to NO.

How to allow specific domain name to access my domain?

I have this in my .htaccess
<Limit GET POST>
Deny from all
Allow from xxx.x.xxx.x
Allow from xxx.xx.xxx.x
Allow from xxx.xx.xx.x
</limit>
So I am good with this setup now I am allowing certain ip to access my server but now I need add another but I cannot get their ip address so I need to allow via their url. How can I accomplish this case?
for example I want developer.paypal.com/(any) to allow to access the php scripts in my server
You can use:
Allow from bla.com
Assuming that bla.com is the domain name and that it is properly assigned to the IP that is making the requests to your site.
If the IP is not properly assigned to that domain name or is dynamic you can use a different approach such as user and password authentication, and others available.

block user accessing website

I want to block a specific user to access my website. I know it is not possible with Dynamic IP. Is there any other alternate to block the specific user to access website? I'm currently at APACHE LINUX based server.
The user manages web account at my website.
I'm managing a user account on PHP with $_SESSION variables. The user are authenticated using login and password just like any shopping cart website.
Unless the user has to log in, you have no way of knowing who is accessing your site if he's on a dynamic ip address. The only mechanism I can think of is to check any cookie that identifies the user that you've already placed on his system. This wouldn't of course stop them from accessing your site from a different machine.
Long story short - unless the user has to log in first of all, or you have some other means (cookie?) of identifying the user, then not that I know of.
can be achieved by .htaccess
to block a specific ip,
order allow,deny
deny from 127.0.0.1
allow from all
or use this to block a complete range of ip,
deny from 127.0.0

Resources