Portal Home > Knowledgebase > Frequently Asked Questions > How Can I Deny IP Address by Using .htaccess File


How Can I Deny IP Address by Using .htaccess File




The first question you might ask is what .htaccess is all about. It is used to modify several website attributes on Linux and Unix servers. This article guides the readers how to use .htaccess file for blocking IP address. This will be of good use to stop traffic which is having a negative impact on webserver or website.


The name .htaccess is self-explanatory and the purpose of the file is to allow control of per-directory access, which might require a password for content access. These days, the .htaccess files are designed to override multiple configuration settings including character set, CGI handlers and content type.


In order to .htaccess editblock IP address, first block access to your domain or parts of the domain and add the followings to .htaccess file.

<Limit Get>

order allow, deny

deny from 10.20.30

deny from 192.168.207.154

allow from all


This exemplifies an .htaccess file to block access to site or anybody coming from any IP address starting with 10.20.30 and from a particular IP address 192.168.207.154. When you will specify only a part of the IP address and end that partial address with a period, every sub-address coming from the specified IP address will be blocked. For the users, it is a good option to use the IP address to block access. This is because it is highly recommended not to use the domain names in this regard.


Request allow,deny – in this case, the allowdirectives will be processed first before denial of the directives. This order can be reversed also. For example, request deny.allow. This would lead to processing of the deny directives at first before the allow directive. Next in the pipeline is a deny directive. This line gives an instruction that all GET requests from anyone belonging to the IP block of 10.20.30.* should not be given an access.


Deny directives give an instruction that the IP address 192.168.207.154 should not be given an access while placing a GET request. The final line instructs Apache that a GET request from anyone should be accepted and Apache should also return requested information.


Now learn how to block an IP address using mod_rewrite:


As an alternative method, you can use mod_rewrite to block IP address with an .htaccess file.


For example, RewriteEngine on

RewriteCond% {Remote_Addr}

^192\.168\.168\.175

RewriteRule ^(.*)

http://localhost/ [R,L]


The following codes will block the addresses between 192.168.0.0 and 192.168.255.255:

RewriteEngine on

RewriteCond% {Remote_Addr} ^192\.168

RewriteRule ^(.*) http://localhost/ [R,L]


Looks a little bit complicated, isn’t it? But if you go through the section multiple times, it will get simpler.

Was this answer helpful?

Add to Favourites Add to Favourites    Print this Article Print this Article

Also Read
What Is DDOS Attack (Views: 1051)