Restrict website access by IP address in Plesk (.htaccess allowlist/denylist)

Sometimes you want to limit access to a website or a specific folder — for example, a staging site, a development area, or a private admin panel. A simple method is to restrict access by IP address using .htaccess.

Before you start

• This method works on GARMTECH hosting where .htaccess rules are supported.
• Be careful: you can lock yourself out. Make sure you still have FTP‑SSL or Plesk access.
• Know your public IP address (the IP you want to allow).

Restrict the entire website (document root)

Create or edit .htaccess inside your website root folder (usually httpdocs).

Allow only one IP

<RequireAll>
  Require all denied
  Require ip 203.0.113.10
</RequireAll>

Allow multiple IPs (and a subnet)

<RequireAll>
  Require all denied
  Require ip 203.0.113.10
  Require ip 198.51.100.25
  Require ip 192.0.2.0/24
</RequireAll>

Restrict only a folder (recommended for admin/staging)

If you want to protect only a specific path (for example /staging/), place the .htaccess file inside that folder.

Block a specific IP but allow everyone else

Require all granted
Require not ip 203.0.113.10

Notes for Cloudflare users

If your domain is behind Cloudflare proxy, the server can see Cloudflare IPs instead of visitor IPs. In that case, IP allowlisting may not behave as expected. Use Cloudflare Firewall/Access rules, or disable proxy for testing.

Rollback

If you accidentally block yourself, remove the rules from .htaccess using Plesk File Manager or FTP‑SSL.