How to block users from accessing your site based on their IP address

laarni080

New member
Blocking users by IP address is pretty simple with .htaccess.
So here it is the example:

Order allow, deny
Deny from 192.168.0.10
Deny from 212.155.
Deny from 1.2.3.4 5.6.7.8 127.0.0.1
Allow from all

Let?s take a look at the code line by line:
The first line ?Order allow, deny? tells the web server the ?Order? in which the Allow and Deny directive will be evaluated. It simply says: Give access to all hosts that are not present in the Deny from list and are present in the Allow from list. With allow, deny order Allow list is looked up first and then the web server checks the deny from list. So as we have allow from all ? all access is allowed. Then the allowed access is filtered based on the Deny lists. With allow,deny access is disabled by default.

If we change the order to ?deny, allow? then all access is enabled by default and only users in the deny lists are blocked. However as the deny is being processed first allow directives will override any maching settings set in deny directives.

The default Apache order is deny,allow. So you can skip the first line in your .htaccess file if you do not need to change the order in which the Deny and Allow rules are being evaluated by the web server.

So to keep the .htaccess simple you can just use:

Deny from 192.168.0.10
Deny from 212.155.​

Basically you can use such rules in your .htaccess file to block a particular user, or a network from accessing your site.
You can put several IP address in a Deny or Allow rule. For example:

Deny from 1.2.3.4 5.6.7.9​

The IP addresses must be separated by a space or tab.

You can put entire networks as


Deny from 212.155.​

This will block all users which IP addresses start with 212.155

Or to block all access to your site:

Deny from all​

And then add another line to enable access only for yourself:

Allow from 1.2.3.4
Where ?1.2.3.4? should be replaced with your computer IP address.
 
The specific block for the ip can be made via the IIS manager :


In IIS Manager, double-click the local computer; right-click the Web Sites or FTP Sites folder, an individual Web or FTP site, a virtual directory, or a file; and then click Properties.

Configuration settings made at the Web or FTP Sites level are inherited by all of the Web or FTP sites on the server. You can override inheritance by configuring the individual site or site element.

Granted access or Denied access. When you select Denied access, you deny access to all computers and domains, except to those that you specifically grant access. When you select Granted access, you grant access to all computers and domains, except to those that you specifically deny access.
 
Note that having a lot of blocked IP addresses in a .htaccess file, apache will hog resources as it will take time to open the file go through it all and take proper action and it has to do that on each visit so you will experience slow loading times and high ram & cpu usage, especially if you have a busy site.
 
Back
Top