Dynamic IP .htaccess blocklist?

Question

Is it possible to block users from IP adresses with a dynamic file-based blocklist?

So, suppose the .htaccess looks like:

order Deny,Allow
Deny from 123.156.0.1
Deny from 10.0.0.10
Allow from all

Can this list be made dynamic, for example:

order Deny,Allow
[include Deny list here]
Allow from all

Another option would of course be to fix it with PHP, but it is preferable to let Apache handle this.

score 7 · Accepted Answer · answered Jul 02 '10 at 13:00

7

According to the Apache docs, it doesn't seem to be possible to read values from a text file.

However, you could include a configuration file containing the IP addresses. They would have to be in Apache's conf file format, though.

This should work:

order Deny,Allow
include conf/IPList.conf
Allow from all

It's even possible to include whole directories, even though it's not recommended.

answered Jul 02 '10 at 13:00

Unicron

7,275
1
26
19

3

You have not included the data sample format that should be in in `conf/IPList.conf`, as this is also compulsory part of your answer. – Nah Dec 19 '18 at 03:20

score 6 · Answer 2 · answered Jul 05 '10 at 10:15

6

I use the RewriteMap feature from Apache's RewriteModule, as a whitelist like this:

## WHITELIST IPS ##
RewriteMap ipslist txt:/path/to/whitelist.txt
RewriteCond %{REMOTE_ADDR} ^(.*)$
RewriteCond ${ipslist:%1|black} ^black$ [NC]
RewriteRule (.*) - [F]

With some tweaking, you could make this a blacklist.

answered Jul 05 '10 at 10:15

schmkr

133
6

RewriteMap is a nice approach, but will only work in a server or virtual host context, i.e. not .htaccess – Jason Aug 09 '12 at 16:18
1

You have not mentioned the location of this script, where this script can be added and what will be data format in `whitelist.txt` or `blacklist.txt`. – Nah Dec 19 '18 at 03:22

Dynamic IP .htaccess blocklist?

2 Answers2

Linked