CODEWITHSUNDEEP
apache.htaccessiprangemod-access
Arco
Arco

Reputation: 103

Blocking multiple ip ranges using mod access in htaccess

I read the guide from apache site but I'm a bit confused, I'm trying to ban some ranges using this syntax:

order allow,deny
deny from 127.0.55.0/127.0.75.255
deny from 127.0.235.0/127.0.255.255
allow from all

But I think it's not working properly, probably the syntax is wrong or I'm using it in the wrong way, where should I write this text in htaccess? before the other lines or after? in the same htaccess file there're some mod rewrite script too (for anti-hotlinking).

Upvotes: 9

Views: 25282

Answers (2)

dkerr
dkerr

Reputation: 11

order allow,deny
deny from 2001:4200::/32
deny from 2001:4210::/32
deny from 2001:4218::/32
deny from 2001:4220::/32
deny from 2001:4228::/32
deny from 2001:4238::/32
deny from 2001:4248::/32
deny from 2001:4250::/32
allow from all

along these lines how to add a redirect to another website for a very long deny list that blocks a lot of countries in htaccess

Upvotes: 0

d-stroyer
d-stroyer

Reputation: 2706

I've come to this answer using apache documentation.

You can give an address range using ip/netmask pair : 

deny from 127.0.55.0/24

However, since range 55 - 75 are not power of two, I don't see how to make a range out of them. I'd add several rules.

order allow,deny
deny from 127.0.55.0/24  // Matches 55
deny from 127.0.56.0/21  // Matches 56 to 64
deny from 127.0.64.0/21  // Matches 64 to 71
deny from 127.0.72.0/22  // Matches 72 to 75

deny from 127.0.235.0/24 // Matches 235
deny from 127.0.236.0/22 // Matches 236 to 239
deny from 127.0.240.0/21 // Matches 240 to 255
allow from all

should work.

NB: Remove the comments after // before pasting into htaccess

Upvotes: 14

Related Questions