To ban an IP address from accessing your website, create a .htaccess file within your root directory (usually public_html or www) and add the following configuration in the file:
It’s pretty simple to understand what’s going on here. “order allow,deny” is specifically in this order so that the allow rules are checked first, and if someone matches a deny rule, their server request is refused (i.e. they’re blacklisted). If you have the order as “deny,allow”, the deny rules are checked first and the allow rules after. If you had it ordered “deny,allow”, the allow rule is evaluated last, so you can imagine what would happen – hence, “order allow,deny” evaluates deny rules last.
In the example above, we’re blacklisting 127.0.0.1. In real use, you’ll need to change this to the IP address in which you want to blacklist. You can, of course, blacklist multiple IP addresses by listing multiple deny rules on a separate line. For example:
Note: If you can’t see your .htaccess file listed in your FTP client it may be hidden depending on the file manager you are using, because the file starts with a period character. If this is the case, you’ll need to find the option in the menu of the FTP client you are using to show hidden files.
In most control panels for Linux- and Windows-based hosting, you can blacklist IPs using a graphical user interface instead of having to do so via a .htaccess text file. In cPanel, go to the IP Deny Manager (in the Security category) to blacklist IPs from accessing your website. Just like doing so directly within a .htaccess file, you can specify a complete IP address or a specific range.
Note: Be careful when you are blacklisting an IP range. Don’t blacklist an IP range too broadly if you are concerned of blacklisting genuine visitors.
order allow,deny
deny from 127.0.0.1
allow from all
It’s pretty simple to understand what’s going on here. “order allow,deny” is specifically in this order so that the allow rules are checked first, and if someone matches a deny rule, their server request is refused (i.e. they’re blacklisted). If you have the order as “deny,allow”, the deny rules are checked first and the allow rules after. If you had it ordered “deny,allow”, the allow rule is evaluated last, so you can imagine what would happen – hence, “order allow,deny” evaluates deny rules last.
In the example above, we’re blacklisting 127.0.0.1. In real use, you’ll need to change this to the IP address in which you want to blacklist. You can, of course, blacklist multiple IP addresses by listing multiple deny rules on a separate line. For example:
If you want to block an entire IP range, you simply exclude a specific octet in the .htaccess rule:order allow,deny
deny from 127.0.0.1
deny from 127.0.0.1
deny from 127.0.0.1
deny from 127.0.0.1
allow from all
This will blacklist IP addresses in the range 127.0.0.0 through to 127.0.0.255. An octet is each part of the IP address (i.e. 127, 0, 0, 1).order allow,deny
deny from 127.0.0
allow from all
Note: If you can’t see your .htaccess file listed in your FTP client it may be hidden depending on the file manager you are using, because the file starts with a period character. If this is the case, you’ll need to find the option in the menu of the FTP client you are using to show hidden files.
In most control panels for Linux- and Windows-based hosting, you can blacklist IPs using a graphical user interface instead of having to do so via a .htaccess text file. In cPanel, go to the IP Deny Manager (in the Security category) to blacklist IPs from accessing your website. Just like doing so directly within a .htaccess file, you can specify a complete IP address or a specific range.
Note: Be careful when you are blacklisting an IP range. Don’t blacklist an IP range too broadly if you are concerned of blacklisting genuine visitors.
No comments:
Post a Comment