Ok, we have a site (forum based) that was defaced lastnight. I wanted to find out if there is a way we can use the .htaccess file to ban an ip from our entire site. And maybe redirect that user to a specific page showing hes banned.
Msg#: 3374 posted 12:44 am on Apr 20, 2005 (gmt 0)
#deny domain Deny from foo.nasty.com Deny from nasty.com
Yes, you can do it this way, but by IP address is infinitely preferable; if you limit access based on hostname, Apache will need to perform a DNS lookup on the IP address which can result in a significant performance hit. The effect of this can be mitigated somewhat by running ncsd (although that has its own pitfalls, not the least of which is that it doesn't obey DNS TTL rules) or a caching-only nameserver bound to localhost on the same box (or on the same network segment) as the webserver, and tweaking your resolv.conf accordingly. Even so, by IP address really is the way to go unless you have no alternative.