Blocking certain IP address(es)
How does one accomplish this in a reasonable way?
Is there a reasonably simple solution to blocking certain IPs and/or places from accessing a particular website? What if the place I want to block has rotating IP addresses, such that it might be impossible to block all the possible IPs?
Any comment or direction to a treatment of this would be appreciated.
There are roughly three levels at which to block a visitor from a certain IP address from getting access to your website. The first level is in a firewall outside, or at the outer layer of, your server. The second level is in the web server software (Apache, IIS, Nginx) and the third level is in the website application scripts (PHP, ASP, Perl, etc.).
Blocking at the firewall level is the fastest and has the least performance impact on the server, but it is the most difficult to maintain. Blocking at the scripting level is the most versatile but uses the most CPU processing power and probably requires the most programming effort from your side.
Which option is the best for you depends on the server software you use, the scripting language and the knowledge you have in configuring them. Also how fast the IP address changes may influence your decision. If it is a fixed group of IP addresses from a data center used by a scraper, just blocking those addresses in the firewall is the most efficient way. But if you want to block a manual forum abuser who uses a number of different proxies to try to spam your forum, a solution in your forum scripting software might be a better way to go. Some forum software distributions have a built-in option to block certain IP addresses or address ranges.
All above, but don't neglect the possibility of blocking by UA, Referer (sp correctly) or, possibly, by URI depending on how your site is being accessed. Sounds like you want to block a site rather than a visitor, or perhaps a scraper after your goodies. Look for common strings in your logs, run comparison searches in those logs to determine collateral damage (if any), then implement. A "set it and forget it" (which you NEVER want to forget) is killing a CIDR range of IPs... less typing, more efficient, but is a shotgun approach.
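The log comparison suggested in the last reply, as an added example that is not part of the original thread: it replays a candidate CIDR or User-Agent rule against access-log lines and counts intended blocks versus collateral damage before anything is deployed. The log lines, the abuser list and the function names are constructed for illustration, and the combined log format is an assumption.

```python
import ipaddress
import re

# Constructed sample lines in combined log format (documentation IP ranges).
SAMPLE_LOG = """\
203.0.113.10 - - [01/Jan/2024:10:00:01 +0000] "GET /forum/post HTTP/1.1" 200 512 "-" "BadScraper/1.0"
203.0.113.77 - - [01/Jan/2024:10:00:02 +0000] "GET /forum/post HTTP/1.1" 200 512 "-" "BadScraper/1.0"
203.0.113.200 - - [01/Jan/2024:10:00:03 +0000] "GET /index.html HTTP/1.1" 200 1024 "https://example.com/" "Mozilla/5.0"
198.51.100.5 - - [01/Jan/2024:10:00:04 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /forum/post HTTP/1.1" 200 512 "-" "BadScraper/1.0"
not a log line
"""
# Constructed ground truth: addresses already identified as abusive by hand.
KNOWN_ABUSERS = {"203.0.113.10", "203.0.113.77", "198.51.100.9"}

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "[^"]*" \d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"$'
)

def parse(log_text):
    """Yield (ip_address, user_agent) per well-formed line; skip the rest."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        try:
            yield ipaddress.ip_address(m["ip"]), m["ua"]
        except ValueError:
            continue  # first field was a hostname or garbage

def assess_rule(log_text, abusers, cidr=None, ua_substring=None):
    """Replay one candidate rule over the log and count its outcomes."""
    net = ipaddress.ip_network(cidr) if cidr else None
    counts = {"blocked_abuser": 0, "collateral": 0, "missed_abuser": 0, "allowed_ok": 0}
    for ip, ua in parse(log_text):
        blocked = (net is not None and ip in net) or (
            ua_substring is not None and ua_substring in ua
        )
        is_abuser = str(ip) in abusers
        if blocked:
            counts["blocked_abuser" if is_abuser else "collateral"] += 1
        else:
            counts["missed_abuser" if is_abuser else "allowed_ok"] += 1
    return counts

if __name__ == "__main__":
    print("CIDR rule:", assess_rule(SAMPLE_LOG, KNOWN_ABUSERS, cidr="203.0.113.0/24"))
    print("UA rule:  ", assess_rule(SAMPLE_LOG, KNOWN_ABUSERS, ua_substring="BadScraper"))
```

On this sample the /24 rule blocks one ordinary browser and still misses an abuser outside the range, while the User-Agent rule catches all three with no collateral.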