Block specific IP Addresses with HTACCESS

Sometimes, it is necessary to keep certain IP addresses away from a website. Possible reasons may be that experience has shown that from these IP addresses only spam is considered or that certain user groups should not have the possibility to get the information on the web page.

Fortunately, it is quite simple to exclude a set of IP addresses. Just write the following lines into your htaccess file (the htaccess file is a file called .htaccess, which is located in the home directory of the webseite on your web space):

allow from all
deny from 12.34.56.78
deny from 123.4.5.6

These two lines do not allow requests from the IP addresses 12.34.56.78 and 123.4.5.6. If someone goes with these IP addresses on your site, just an error message like "Access Denied" is displayed. For each IP address that you want to exclude, you can simply create a new line.

Exclude whole IP ranges

Suppose you want to exclude all IP addresses starting with 12.34. It would be too much work to write down all possible combinations! Thankfully, there is also this possibility to achieve the same result:

allow from all
deny from 12.34.56
deny from 123.4

The first line excludes all possible IP addresses from 12.34.56.0 to 12.34.56.255, the second line all IP addresses beginning with 123.4.

To note

In this approach you should keep two things in mind:

First, you should be careful that no one is excluded, who actually should be allowed to visit the website. It happens quickly, that even search engines, for example, are excluded from crawling the page with the wrong line in a HTACCESS file, and therefore suddenly a website can no longer be found by using a search engine. So, here, you should alway pay close attention to who you are excluding.

Moreover, you should always keep in mind, that you can switch an IP address quickly. The spamer, which you have just eliminated, may be on the road again tomorrow under a different IP address - for example, by using a proxy server.

Try out

If you want to test, whether your .htaccess works, just write "deny from 127.0.0.1" into your .htaccess file. If you have a local installation of XAMPP, you can call your site via localhost and see whether the exclusion is working.