homepage Welcome to WebmasterWorld Guest from
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
Forum Library, Charter, Moderators: Ocean10000 & incrediBILL & phranque

Apache Web Server Forum

Banning an ip with .htaccess?

 5:52 pm on Apr 19, 2005 (gmt 0)

Ok, we have a site (forum based) that was defaced lastnight. I wanted to find out if there is a way we can use the .htaccess file to ban an ip from our entire site. And maybe redirect that user to a specific page showing hes banned.

Thanks in advance!



 6:10 pm on Apr 19, 2005 (gmt 0)

I believe you can use something like this:

<Limit GET>
order allow,deny
allow from all
deny from 55.55.555.555 55.555.555/27

Where 55.55.555.555 is a full IP address and/or 55.555.555/27 could be the CIDR Range of the ISP. Leave a space between each one if you list more then one. May be someone else can confirm?


 6:12 pm on Apr 19, 2005 (gmt 0)

#deny domain
Deny from foo.nasty.com
Deny from nasty.com

# deny full ip address
Deny from x.x.x.x

Allow from ALL

Once i used something like this but unfortunately i am not sure if it works.


 7:13 pm on Apr 19, 2005 (gmt 0)

Cool Ill try those later, is there a way we can redirect the ip to one page. The page may even be another domain.


 7:28 pm on Apr 19, 2005 (gmt 0)

Not completely sure but... the banned IP returns a 403 I believe so you could add this to .htaccess and make a custom error403.php page or maybe even point them anywhere:

ErrorDocument 403 ht*p://www.yoursite.com/error403.php

You'll have to play with it.

Longhaired Genius

 7:38 pm on Apr 19, 2005 (gmt 0)

You can use something like this using mod_rewrite to direct a particular banned IP address to a particluar page.

Replace with the banned IP address.
Replace banned.html with the page you want to send him to.

# begin .htaccess code

RewriteEngine On
Options +FollowSymlinks

# directs banned user to "banned" page
RewriteCond %{REMOTE_ADDR} ^$
RewriteRule!banned.html [example.com...] [L]

# end .htaccess code

To send the unwanted visitor offsite replace the RewriteRule with

RewriteRule ^.*$ [remote-url.com...] [L]

EDIT: there should be a space before the "!". The forum software removes it.


 8:26 pm on Apr 19, 2005 (gmt 0)

Many thanks we will give it a try.


 12:44 am on Apr 20, 2005 (gmt 0)

#deny domain
Deny from foo.nasty.com
Deny from nasty.com

Yes, you can do it this way, but by IP address is infinitely preferable; if you limit access based on hostname, Apache will need to perform a DNS lookup on the IP address which can result in a significant performance hit. The effect of this can be mitigated somewhat by running ncsd (although that has its own pitfalls, not the least of which is that it doesn't obey DNS TTL rules) or a caching-only nameserver bound to localhost on the same box (or on the same network segment) as the webserver, and tweaking your resolv.conf accordingly. Even so, by IP address really is the way to go unless you have no alternative.

Global Options:
 top home search open messages active posts  

Home / Forums Index / Code, Content, and Presentation / Apache Web Server
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved