I'm testing a php / js chat app that has an admin dashboard installed in a public_html root subfolder.
The chatbox is displayed on a separate domain, via embedded javascript.
I've protected the app install with a htaccess file to restrict access to two IP addresses:
<Directory /hidedirectory>
options -Indexes
Order Deny,Allow
Deny from all
Allow from xx.xxx.xx.xx,xx.xxx.xxx.xxx
</Directory>
However, this stops the app displaying in the users browser unless they are using the allowed IP address.
Could anyone advise on how I could restrict admin access but allow the app to run externally?