How to Allow & Deny by IP Address

Share |

Author: Mitch Keeler

Having issues with somebody at a particular IP address that is giving you problems? Are they bugging your users or poking you with the proverbial stick of annoyance? Well with the power of a little creativity and your .htaccess file you can help them find their way to the “Hey, hit the bricks!” door and hopefully the said door will hit them on the way out too.

To get this done, all you need to do is add this to your .htaccess file:

order allow,deny
deny from XXX.XXX.XXX
allow from all

Just replace the “XXX.XXX.XXX” with the IP address you wish to block. You can also add a second line like this if you wish to block multiple IP addresses:

order allow,deny
deny from XXX.XXX.XXX
deny from MMM.MMM.MMM
allow from all

One last tip. If you want to block everybody from seeing your web site, just put in deny from all.

order deny,allow
allow from QQQ.QQQ.QQQ
allow from LLL.LLL.LLL
deny from all

This would turn everybody away except for the people who have the IP address QQQ.QQQ.QQQ and LLL.LLL.LLL.

For more help with getting this done, check out the official Apache page on the process:

http://httpd.apache.org/docs/1.3/mod/mod_access.html

5 Responses to “How to Allow & Deny by IP Address”

Benny Says:
February 26th, 2008 at 7:13 am

Thanks for this. Going to have to bookmark it and save it for a rainy day.
February… | web-hosting-newsletter.com Says:
February 26th, 2008 at 7:23 am

[...] How to Allow & Deny by IP Address [...]
Mihai Says:
February 26th, 2008 at 2:00 pm

is it possible to deny a country ? something like any webpage at *.be ? or it needs to be for the hole ip class of the provider ? someone told me a long time ago that this is possible …

Thank you
Skippy Says:
February 26th, 2008 at 3:05 pm

It’s not really possible to block a country because your .htaccess only receives IP’s. Well, if you know all the IP classes for a certain country I guess it might work.

Here’s another similar trick, using mod_rewrite. You can use it to redirect IP’s to a certain page on your site or even another site.

RewriteCond %{REQUEST_URI} !=/goaway.txt RewriteCond %{REMOTE_ADDR} =aaa.aaa.aaa.aaa RewriteRule .* /goaway.txt [R,L]

You can do classes as well, using regular expressions:

RewriteCond %{REQUEST_URI} !=/goaway.txt RewriteCond %{REMOTE_ADDR} ^aaa.aaa.aaa. RewriteRule .* /goaway.txt [R,L]

I use this whenever I upgrade a website and I don’t want anybody but me roaming the site for half an hour. Use something like whatismyip.org to find your current IP:

RewriteCond %{REQUEST_URI} !=/maintenance.txt
RewriteCond %{REMOTE_ADDR} !=your.current.ip.here
RewriteRule .* /maintenance.txt [R,L]

Just make sure to clear these lines when you’re done.
JackFlash Says:
February 29th, 2008 at 12:55 am

how can you block anyone when we obtain different ip address from the isp each time we log on to the internet?