How do I block an IP address from accessing my web site?

How do I block an IP address to prevent a specific individual from accessing my web site?

Jm

Welcome to the forum Jm!

Here is how to block an ip (computer) from entering your site using the .htaccess file. In this example, I'll use 209.172.44.78:

Create a file in the root of your website (main page of your website) and call it .htaccess

Inside that file, you'll add this code:

Save the file and that's it! Any requests (get and post) by 209.172.44.78 will be blocked.

I'm sure that over time, you'll want to block more than one IP address in your htaccess file, so here is how to block more than one. I'll use 72.232.162.50 in addition to the existing address as an example.

You simply add another deny statement for each additional IP address you want to block.

Say that you are getting blasted by many ip address in the same range (block), such as:

71.32.62.51
71.32.62.52
71.32.62.53
71.32.62.54
71.32.62.55
71.32.62.56
71.32.62.57

You can add the following line to your .htaccess file:

This tells your server to block any address that starts with 71.32.62 (we simply left off the last octet).

and here is what the entire .htaccess file would look like:


The .htaccess code above will block access for IP address 209.172.44.78, 72.232.162.50 and any IP address ranging from 71.32.62.0 to 71.32.62.255

Let's take it even further - say that you're getting blasted by a ton of IP addresses that don't have a pattern but are from the same ISP / domain (such as hotlinker.com). The solution is to simply block all traffic from the ISP using the following command (provided hostnameLookups are enabled on your server):

This prevents any ip address from hotlinker.com from accessing your site - just stick that deny right under the last deny statement.

Always use caution when blocking an entire range or ISP using your .htaccess file, you may end up blocking valid visitors by accident.

Hope that helps!

Best regards,

Jim.

__________________
Firewall Test Internet Speed Test Sitemap Generator

Nice tutorial. Question how do you set it up to only allow access from a certain IP range. Basically I could force only my clients to allow access to the private backend of site.

Deny everyone access, then allow certain hosts/IP addresses

ErrorDocument 403 /GoAway.html
<Limit GET POST>
order deny,allow
deny from all
# Allow all IP's starting with 21.22.23.
allow from 21.22.23.
# Allow access from Google.com
allow from .google.com
</Limit>


For referrers, use this:

Block traffic from competitors site / case insensitive

RewriteEngine on
# Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} competitorsite\.com [NC,OR]
RewriteRule .* - [F]

Uncomment the line with "Options +FollowSymlinks" above (remove the #) if your server is not configured with FollowSymLinks in its <directory> section of the httpd.conf, and you get a 500 Internal Server error when using the code above as is.

Let me know if that works for you!

Best regards,

Jim.

__________________
Firewall Test Internet Speed Test Sitemap Generator

Hi,

What is the code to block several sites?

Thanks!

You can always block an entire range, say 21.22.23.x by using:

order allow,deny
deny from 21.22.23
allow from all

You can block ranges using CIDR (Classless Inter-Domain Routing [sounds like 'cider']), so that the command
deny from 21.22.0.0/16
would block everything in the 21.22.x.x range. BTY - the command:
deny from 21.22
does the same thing as the command above it.

Hope that helps.

Regards,

Jim.

__________________
Firewall Test Internet Speed Test Sitemap Generator

this can also be done by using a php script. However the disadvantage of my suggested method is that it will only apply to whatever pages you include the code on. But this can be an advantage, depends on whatever point of view you have. For me it is an advantage and here is the php code you need to use to block an ip using a php script.

__________________
-