Block Ip Address with Htaccess file - Server Admin
I posted a how-to guide on blocking referral websites using the htaccess file. But I’ve found for my Free Personals that this wasn’t enough to stop the culprits who are causing my max connections to be reached and, consequenlty, causing my server to crash and I might add quite frequently. The ips are usually from places like China or Africa and Nigeria. So I wanted to perhaps offer a quick and dirty (yet not permanent) solution to block these supposedly DOS attacks to my server.
So I’m going to post samples from my own htaccess here:
# Added 4/25/07 <files *> order deny,allow # Nigerian/African 419 Scammers IP addresses follow: deny from 12.166.96.32/27 41.204.32.0/20 41.220.64.0/20 41.223.248.0/22 61.11.230.112/29 62.56.128.0/17 62.56.235.0/24 deny from 80.88.138.192/27 80.88.139.0/25 80.88.139.128/26 80.88.139.192/27 80.88.139.224/28 80.88.140.0/24 80.88.141.0/25 80.88.141.128/27 80.88.142.0/24 80.88.143.128/24 80.88.144.0/23 80.88.146.0/24 80.88.147.0/24 80.88.148.0/24 80.88.149.0/25 . . . # Newest Nigerian ISP additions: # Added 0/24 to all IP CIDRs ending with a period to resolve #occasional Apache hickups caused by trailing periods # Tentative CIDR block for 16,777,216 AfriNIC assigned IPs #deny from 41.0.0.0/8 # Pan Am Sat Nigeria and South Africa deny from 216.139.160.0/19 216.139.176.136/29 # Added Goldenlines.net.il (Israel) because of Open #Proxies used by Nigerian scammers deny from 80.179.244.0/24 # Amsterdam, The Netherlands Versatel Nederland DSL-NAT #Customers - Lottery and 419 scammers deny from 62.59.36.0/22 62.59.40.0/21 62.59.48.0/22 82.93. 82.168.0.0/14 # Italian Satellite ISP for Nigeria added 04/08/2006 deny from 83.137.61.0/24 # Ironlinkus.com Satellite Services #(Africa - used by scammers) - added on 08/08/2006 deny from 216.118.252.0/24 216.118.253.0/24 # End Nigerian/African blocklist # Add other blocked domain names or IP addresses here, #starting with "deny from " without quotes # If you find that you need to poke a hole in the blocklist, #for legitimate visitors, follow this example: #allow from 123.456.789.0 #(or whatever ip address you wish to allow) # Add "allow from" IP addresses, or CIDR Ranges, #after all of the "deny from" items, just before the #closing Files tag. # Everything not included within these deny #from ranges is PERMITTED by the allow portion of #the directive. </files> # This prevents web browsers or spiders from #seeing your .htaccess directives: <files .htaccess> deny from all </files> # End of file
So if you see an ip address (eg. 80.88.148.58) that you wish to deny access to your server then what I’ve done is copy the first 3 octets (i.e. 80.88.148) and then for the fourth octet (i.e. 58) change it to a 0 (that’s the number zero) then append “/24″ without quotes. So the results will look like:
deny from 80.88.148.0/24
You can simply add the “80.88.148.9/24″ without quotes to any “deny from” rule by adding a space in between each ip. I won’t go into the specifics of what this all means right now. I will later on. I apologize if the example ip address eventually gets assigned to a “legitimate” ip address. The last time I checked this ip (May 16, 2007) it belonged to someone in Nigeria so unless you have customers in Nigeria today then I would say it’s okay to block them. However, there is a cautionary note to blocking ips in your htaccess file because these ips can eventually be assigned to a “legitimate” person and you may be blocking people who wish to legitimately purchase from you. Again, I’ve just found this be a good temporary fix until I get around to changing my host provider who will help with these types of attacks on my server. The good hosts will usually have excellent appliances to deal specifically with these issues.
If you want a really good technicall tutorial on ip addresses and what it all means like CIDR (Classless InterDomain Routing) then visit Ralph Becker’s site on IP Address Subnetting Tutorial.
By the way, notice the:
<files .htaccess> deny from all </files>
The above code in your htaccess file is simply to deny people and spiders from viewing your htaccess file.
As well, note the:
<files *> # Some comments deny from 80.88.148.0/24 </files>
There are the tags
<files *></files>
that enclose the “deny from” commands.
BlinkBits | BlinkList | del.icio.us | Digg it | Earthlink | FeedMarker | Flog this! | Furl | iFeedReaders | ma.gnolia | Maple.nu | Netvouz | Netscape | Newsvine | Onlywire | RawSugar | reddit | Scuttle | Shadows | Simpy | Spurl | StumbleUpon | tagtooga | TalkDigger | Wink | Yahoo MyWeb | Diigo |