Reputation: 3
How to block ip range in htaccess using specific RewriteCond
I have created proxy and I have got spamming attack on my links. I know their IPs but I'm not able to block them accessing my website. My code:
Order Allow,Deny
Deny from 64.233.172.0/24
Deny from 66.249.83.0/24
Deny from 66.102.8.0/24
Deny from 173.252.81.0/24
Deny from 173.252.100.0/24
Deny from 173.252.102.0/24
Deny from 173.252.113.0/24
Deny from 173.252.73.0/24
Deny from 173.252.75.0/24
Deny from 173.252.79.0/24
Deny from 69.171.228.120
Deny from 69.171.230.117
Deny from 69.171.235.117
Deny from 173.252.107.115
Deny from 173.252.105.117
Deny from 173.252.122.117
Deny from 173.252.114.118
Deny from 173.252.75.119
Deny from 173.252.103.5
Deny from 173.252.88.91
Allow from all
RewriteEngine On
RewriteCond $1 !^(script\.php)
RewriteBase /
RewriteRule ^(.*)$ proxy.php?url=$1 [L,QSA]
I can't remove these script and proxy files they have to work this way. Please tell me how fix this?
This is my system configuration.
Apache 2.2.29
DirectAdmin 1.48.0
Exim 4.84
MySQL 5.5.9
Named 9.7.3
ProFTPd 1.3.5
sshd
dovecot 2.2.15
Php 5.3.29
Upvotes: 0
Views: 4441
Answers (2)
Reputation: 9007
This depends on which version of Apache you're using.
If you're using 2.2, the following should work:
Order allow,deny
Allow from all
Deny from 64.233.172
Deny from 66.249.83
# ... etc ...
If you're on 2.4, then you should use this instead:
Require all granted
Require not ip 64.233.172
Require not ip 66.249.83
# ... etc ...
If none of those work for you, then you can use mod_rewrite instead:
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^64\.233\.172 [OR]
RewriteCond %{REMOTE_ADDR} ^66\.249\.83 [OR]
# ... etc ...
RewriteRule ^ - [F,L]
Update
Based on your comment, please use the below code instead:
RewriteEngine On
RewriteBase /
RewriteCond %{REMOTE_ADDR} ^64\.233\.172\. [OR]
RewriteCond %{REMOTE_ADDR} ^66\.249\.83\. [OR]
RewriteCond %{REMOTE_ADDR} ^66\.102\.8\.
# ... etc (do the same above for each IP address/range and leave [OR] out on the last one) ...
RewriteRule ^ - [F,L]
RewriteCond $1 !^(dmca\.html)
RewriteRule ^(.*)$ proxy.php?url=$1 [L,QSA]
You simply had it in the wrong order. You first need to set the base, then disallow certain IP addresses, and only then do your other rewrites.
Upvotes: 4
Reputation: 368
You juste have to begin allowing all. You can put the whole thing in a limit tag and replace the range in the form A.B.C.D/24 by A.B.C.
<Limit GET POST>
Order Allow,Deny
Allow from all
Deny from 64.233.172.
Deny from 66.249.83.
Deny from 66.102.8.
Deny from 173.252.81.
Deny from 173.252.100.
Deny from 173.252.102.
Deny from 173.252.113.0
Deny from 173.252.73.
Deny from 173.252.75.
Deny from 173.252.79.
Deny from 69.171.228.120
Deny from 69.171.230.117
Deny from 69.171.235.117
Deny from 173.252.107.115
Deny from 173.252.105.117
Deny from 173.252.122.117
Deny from 173.252.114.118
Deny from 173.252.75.119
Deny from 173.252.103.5
Deny from 173.252.88.91
</Limit>
Upvotes: 0
Related Questions
- How to Block an IP address range using the .htaccess file
- Restrict URL by IP range in .htaccess?
- Blocking IP range in htaccess file
- using RewriteCond to ban ip range in a single condition
- How to allow IPS from range in htaccess?
- Make Apache ignore an IP range
- Block IP address range with .htaccess
- how do i restrict ip block -range- using htaccess?
- How can I write an htaccess rewriterule to exclude an IP range?
- IP restriction with htaccess