| 4:17 pm on Mar 7, 2005 (gmt 0)|
You don't actually have to use the SetEnvIf method if you just want to block IP addresses. For example,
Deny from ^###\.##\.###\.##$
will also work. SetEnvIf is only needed when you wish to Deny based on server variables other than IP address or remote hostname.
As to which is "better," that's largely a matter of preference or necessity; Some servers don't support mod_rewrite, so the only way to block access is with mod_access (or a script). Other subtle differences may also be important in the decision too; In some server configurations, mod_access-denied accesses are logged to the server error log, while mod_rewrite-denied accesses are logged to the server access log.
| 9:28 pm on Mar 11, 2005 (gmt 0)|
is there also a way to block entire ip-ranges?
| 9:52 pm on Mar 11, 2005 (gmt 0)|
Yes, you can omit trailing octets from the address to be matched, or you can use network/netmask or network/CIDR notation to block ranges.
For example, you could use
Deny from 123.45.67.
to block addresses in the range 184.108.40.206 through 220.127.116.11
Or you could use
Deny from 18.104.22.168/255.255.255.0
Deny from 22.214.171.124/24
See mod_access [httpd.apache.org] and mod_setenvif [httpd.apache.org] for more details.
| 10:04 pm on Mar 11, 2005 (gmt 0)|
great thanks, i tried with the * but that was obviously wrong.
| 10:05 pm on Mar 11, 2005 (gmt 0)|
oh by the way, wouldn't this also work:
Deny from 126.96.36.199 - 188.8.131.52
| 10:16 pm on Mar 11, 2005 (gmt 0)|
you can accomplish your goal, with a somewhat smaller file size, if you simplify it to:
Deny from 202.104.