Popular Posts
Recent Posts
Browse by Tags
article circular text CSS development E-mail easy steps hair colour hotmail how to iPhone iPod touch manipulation Photography Photoshop presentation professional SEO server social bookmark succesfull sucks teeth Tips tutorial Tutorials Twitter valentines day website Wordpress xHTML
Topics
Merchandise
Latest T-Shirt
Buy Now
How to block an ip address from your website
5 December 2009, by Alex Cican
 

apache thumbnail

In this tutorial I’ll explain how you can block any IP address, or a range of IP addresses, from accessing your site using an .htaccess file.

 

What is an .htaccess file

I previously wrote a post demonstrating how to remove .php, .html, .htm extensions with .htaccess. In that post I explain what is an .htaccess file. Go and read that post if you don’t know what an .htaccess file is.

 

How to block an IP address

Open up the .htaccess file you want to change, and insert the following code:

order allow,deny
deny from 10.145.66.6
deny from 128.134.51.
allow from all

Change the IP addresses to match your IP address that you want to block. The first deny, blocks access to IP address 10.145.66.6 and the second deny blocks a range of IP addresses from 128.134.51.0 to 128.134.51.255. The last line is to allow all other IP addresses to view that directory (remember, .htaccess files affects that directory and the subdirectories).

 

Block users by referrers

Instead of blocking individual IP addresses, you can block users originating from a particular domain. A simple application of this, is when you have referrers from a website but there’s no link on it, the owner of the website just  hotlinks to your files, stealing your bandwidth. Insert the following code:

RewriteEngine on
Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} blockedsite\.com [NC]
RewriteRule .* - [F]

This code will block the domain blockedsite.com. The backslash (\) is used to allow the period be used as one, instead of matching a single character (read more on regular expressions). The [NC] is used to make the domain case insensitive. The last line specifies what action to be performed when a match is found. In this case, fail the request (403 Forbidden error).

It is also possible to block several referrers. You just have to add [OR] at the end of all the referrers but the last one. Here is an example:

RewriteEngine on
Options +FollowSymlinks
RewriteCond %{HTTP_REFERER} blockedsite1\.com [NC,OR]
RewriteCond %{HTTP_REFERER} blockedsite2\.com [NC,OR]
RewriteCond %{HTTP_REFERER} blockedsite2\.com
RewriteRule .* - [F]

 

Conclusion

This is a very easy way of blocking IP addresses and referrers. Most cPanels will have this feature installed which will allow you to block IP addresses from within the panel, instead of altering the .htaccess file yourself. In case you don’t have, or can’t find, this feature, today you learned how to do it!

Don’t forget to subscribe!

Any questions, add them below in the comments section.

Source Files are unavailable for this tutorial! No Source Files

Have anything to say? Add your comment below!
Related Posts
Comments

  • How to block an ip addres&hellip

    [...] Go here to read the rest:  How to block an ip address from your website | Tutorials … [...]

    5 December 2009 at 10:08 pm

  • Walter

    I may not have a use for this for the time being. But I know this will be valuable in the future. Thanks for giving this info. :-)

    11 December 2009 at 1:15 am

  • Alex C.

    @Walter: You’re welcome! It comes handy when you have a lot of spammers crawling your site! :p

    11 December 2009 at 2:53 pm

  • simon

    I really wanna ban some IPs from China, Alex, I got a hacker attack today, and erased all my asp and html files, really bad…. I tried .htaccess on my website with my IP, but I could still open the site? tried all the orders, like “Directory” “Limist” “Files”, and without all of them too…. but nothing works… could you please help me out? Alex….thanks!!!!!!!

    19 January 2010 at 6:18 pm

  • Alex C.

    @simon: are you sure you’re inserting the correct code as explained above? Is it in the home directory? Don’t try it with your IP, try it with a different one (from a 2nd computer home) or ask a friend. It should work and get a 403 error. Also make sure that your hosting server supports the rewrite engine and your administrator has not disabled override of FollowSymLinks for a user’s directory. If it’s disabled, then you cannot use the rewrite engine. This restriction is required for security reasons. Try contacting the hosting company and ask them if they provide this feature or a different block IP feature.
    Always back-up your website and harden your passwords! Read this link on Chinese hackers: http://www.parkansky.com/china.htm

    19 January 2010 at 10:23 pm
Add a comment