2

Let me start by saying I am new to creating an htaccess file. I want to deny certain IPs from access to our site. I created this and I am looking for validation that this is correct. I know that there is no advanced redirect page within this as I am not sure how to accomplish that yet. I am more concerned that this snippet would work to block IPs. Thanks in advance for any and all help.

#.htaccess     
DirectoryIndex index.htm    
#deny list    
order allow,deny    
allow from all    
deny from xxx.xxx.xxx.xxx    
deny from yyy.yyy.yyy.yyy
wp78de
  • 18,207
  • 7
  • 43
  • 71
GwM
  • 21
  • 2

1 Answers1

1

Looks good to me, assuming you're on Apache 2.2 To block individual visitors, you can use the following directives:

Order Allow,Deny
Allow from all
Deny from 123.123.123.123

Instead of blocking visitors, you can redirect them to another location. Here's how to do it using Apache's mod_rewrite:

#<IfModule mod_rewrite.c>
    RewriteCond %{REMOTE_ADDR} ^123\.123\.123\.123$
    RewriteRule .* https://www.google.com [R=301,L]
#</IfModule>

See also: https://htaccessbook.com/block-ip-address/

Alternatively, try this to block a range if IPS (here 10.0.8.0-10.0.8.21:

RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^10\.0\.8\.(2[01]|[0-9][0-9]|[0-9])
#or RewriteCond %{HTTP_HOST} 12\.34\.56\.789
RewriteRule .* https://www.google.com [L,R=301]

If you are on Apache 2.4 this link from the htaccess book shows the differences between 2.2 and 2.4: https://htaccessbook.com/access-control-apache-2-4/

wp78de
  • 18,207
  • 7
  • 43
  • 71
  • Thanks for the conformation I appreciate it. So is the redirect index.php a default page from the server? or is that a page that I have to create? Also I am putting a long list of deny' ips into the deny, so does that change this line of code? RewriteCond %{REMOTE_ADDR} ^123.123.123.123$ or is the 123.123.123.123 a variable coming from the inbound IP, as I am not all that familiar with this code. Thanks in advance and hope that this makes sense. – GwM Oct 15 '20 at 23:43
  • the index.php is basically the redirect target for the deny people. You can send them to google.com or so as well. If you gave more than one IP address you'd like to block, you can deny them all at once: `Deny from 111.111.111.111 222.222.222.222 333.333.333.333` or use a range; just reference the linked resource. – wp78de Oct 15 '20 at 23:56
  • Why is this not working...it does not redirect if the ip is the 152.xxx.xxx.xxx, it blocks it, but does no take the user to google.com? What am I missing? #.htaccess DirectoryIndex index.htm #deny list order allow,deny allow from all deny from 152.152.152.152 RewriteCond %{REMOTE_HOST} 152\.152\.152\.152 RewriteCond %{REQUEST_URI} /index\.htm RewriteRule .* /https://www.google.com [R=301,L] – GwM Oct 19 '20 at 03:39
  • You can block or redirect a specific IP but not both. – wp78de Oct 19 '20 at 03:43
  • Thanks appreciate the help. I think one of my problems is I do not know what version of Apache the hosting company that we use, uses. I tried the the deny with both versions, 2.2 & 2.4 and the deny of the IP address works. It is the redirect that fails to go to google. It does however put up a testing 123 page from the server "Testing 123.. This page is used to test the proper operation of the Apache HTTP server after it has been installed. If you can read this page it means that this site is working properly. This server is powered by CentOS." If this helps – GwM Oct 19 '20 at 10:21
  • Sorry, but I have tried everything and cannot get this to work. I have a site www.example.com with index page located in httpsdocs folder, index.htm I want ip 10.0.20.30 to go to google when this ip hits my site and only this IP. I have been reading all the message boards, posts and websites and still cannot get this to work. What am I doing wrong, what should this look like? Or is this something with my hosting provider? Thanks – GwM Oct 19 '20 at 22:36
  • First things first: Is mod_rewrite activated on your host? Here are some good pointers https://stackoverflow.com/questions/7816429/apache-mod-rewrite-is-not-working-or-not-enabled – wp78de Oct 19 '20 at 22:55
  • I guess I am going to have to contact my hosting provider and find that out. I don't think that I can check through Plesk to see if it is on. I will look at the link you provided thanks. – GwM Oct 19 '20 at 23:02
  • I found something that is working. RewriteCond %{REMOTE_ADDR} ^(2|5|21|57)\. but how do I block the whole range something like this 1.0.8.0/21, how do i get the /21 to work in above line? – GwM Oct 19 '20 at 23:08