Snap Builder Public Codes Library
Snap | Generators | Login | Browse | Search | Enter Code | Export Snap Builder Public Codes Library

 

Category: >> .HTACCESS Codes Library >> Prevent or allow domain access for a specified range of IP addresses


Code Snippet </> Info


Snippet Name: Prevent or allow domain access for a specified range of IP addresses

Description: There are several effective ways to block a range of IP addresses via htaccess. This first method blocks an IP range specified by their CIDR (Classless Inter-Domain Routing) number. This method is useful for blocking mega-spammers such as RIPE, Optinet, and others.

Note: f, for example, you find yourself adding line after line of Apache deny directives for addresses beginning with the same first few numbers, choose one of them and try a whois lookup. Listed within the whois results will be the CIDR value representing every IP address associated with that particular network. Thus, blocking via CIDR is an effective way to eloquently prevent all IP instances of the offender from accessing your site. Here is a generalized example for blocking by CIDR (edit values to suit your needs).

Author:

Last Modified: 2014-05-18 18:10:48

Language: .htaccess

Highlight Mode: html
Copy Codes: Use Free Notepad ++
Bookmark and Share

Snap HTML Code Editor:
Paste the source code, make changes and instantly see it in live preview.
Snap HTML Code Editor

  About Copying
Copied To Clipboard!

# block IP range by CIDR number <Limit GET POST PUT> order allow,deny allow from all deny from 10.1.0.0/16 deny from 80.0.0/8 </Limit> Likewise, to allow an IP range by CIDR number: # allow IP range by CIDR number <Limit GET POST PUT> order deny,allow deny from all allow from 10.1.0.0/16 allow from 80.0.0/8 </Limit> Another effective way to block an entire range of IP addresses involves truncating digits until the desired range is represented. As an IP address is read from left to right, its value represents an increasingly specific address. For example, a fictitious IP address of 99.88.77.66 would designate some uniquely specific IP address. Now, if we remove the last two digits (66) from the address, it would represent any address beginning with the remaining digits. That is, 99.88.77 represents 99.88.77.1, 99.88.77.2, 99.88.77.99, etc. Likewise, if we then remove another pair of digits from the address, its range suddenly widens to represent every IP address 99.88.x.y, where x and y represent any valid set of IP address values (i.e., you would block 256*256 = 65,536 unique IP addresses). Following this logic, it is possible to block an entire range of IP addresses to varying degrees of specificity. Here are few generalized lines exemplifying proper htaccess syntax (edit values to suit your needs): # block IP range by address truncation <Limit GET POST PUT> order allow,deny allow from all deny from 99.88.77.66 deny from 99.88.77.* deny from 99.88.*.* deny from 99.*.*.* </Limit> Likewise, to allow an IP range by address truncation: # allow IP range by address truncation <Limit GET POST PUT> order deny,allow deny from all allow from 99.88.77.66 allow from 99.88.77.* allow from 99.88.*.* allow from 99.*.*.* </Limit>


[ Snippet Options ]

 
© 2002 -  Snap Builder Public Codes Library