syntax to block an entire domain ip range?

         

Blue_Wizard

4:00 am on Feb 13, 2004 (gmt 0)

10+ Year Member



How do you do it for the entire IP range of a given ISP?

I have one that is a particular pain in the behind that does nothing but probe for CGI and formmail holes morning, noon and night.
They appear to be on a dial-up and originating from Korea, which means I don't think I will be alienating any desired visitors or customers.

jdMorgan

7:31 am on Feb 13, 2004 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Things get complex pretty fast in this area... For one thing, one ISP may own several (or even several hundred) separate and distinct IP address ranges.

You can accomplish the blocking using either mod_access or mod_rewrite. The existing examples in the mod_access documentation should be sufficient, but that's not the case for mod_rewrite.

Since we don't post actual URLs and IP addresses in this forum to avoid legal problems (and others), I'll just give you a couple of examples using "impossible" IP addresses.

Block 202.292.0.0 - 202.292.255.255


RewriteCond %{REMOTE_ADDR} ^202\.292\.
RewriteRule .* - [F]

Block 202.292.128.0 - 202.292.255.255

RewriteCond %{REMOTE_ADDR} ^202\.292\.(12[89]¦1[3-9][0-9]¦2[0-4][0-9]¦25[0-5])\.
RewriteRule .* - [F]

Now, because of the way that IP address octets range from 0-255 only, you could shorten that last one to:

RewriteCond %{REMOTE_ADDR} ^202\.292\.(12[89]¦1[3-9][0-9]¦2[0-5][0-9])\.
RewriteRule .* - [F]

or even

RewriteCond %{REMOTE_ADDR} ^202\.292\.(12[89]¦1[3-9][0-9]¦2[0-9]{2})\.
RewriteRule .* - [F]

If you need help decoding all that, try here [etext.lib.virginia.edu].

Remember that mod_rewrite is doing text-character matching and does not recognize these as numbers - only as characters.

Also, you must change all broken pipe "¦" characters to solid pipe characters before use.

Jim
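
A way to check which third-octet values each of the three RewriteCond patterns in the post above really matches, as an added example that is not part of the original thread. The function names are made up for this sketch, and Python's `re` module stands in for Apache's regex engine on the assumption that these simple patterns behave the same in both.

```python
import re

# RewriteCond patterns copied from the post above, broken pipes included.
PATTERNS = {
    "full": r"^202\.292\.(12[89]¦1[3-9][0-9]¦2[0-4][0-9]¦25[0-5])\.",
    "short": r"^202\.292\.(12[89]¦1[3-9][0-9]¦2[0-5][0-9])\.",
    "shortest": r"^202\.292\.(12[89]¦1[3-9][0-9]¦2[0-9]{2})\.",
}

def to_regex(cond_pattern, fix_pipes=True):
    """Compile a pattern, optionally turning broken pipes into real alternation."""
    if fix_pipes:
        cond_pattern = cond_pattern.replace("\u00a6", "|")
    return re.compile(cond_pattern)

def blocked_third_octets(cond_pattern, prefix="202.292", upper=255, fix_pipes=True):
    """Third-octet values 0..upper whose address text the pattern matches.

    RewriteCond performs an unanchored search, so re.search mirrors it.
    """
    rx = to_regex(cond_pattern, fix_pipes)
    return [n for n in range(upper + 1) if rx.search(f"{prefix}.{n}.1")]

def as_ranges(values):
    """Collapse a sorted list of ints into (first, last) runs."""
    runs = []
    for v in values:
        if runs and v == runs[-1][1] + 1:
            runs[-1] = (runs[-1][0], v)
        else:
            runs.append((v, v))
    return runs

if __name__ == "__main__":
    for name, pat in PATTERNS.items():
        real = as_ranges(blocked_third_octets(pat))
        # Going past 255 shows what the shortened patterns accept as text.
        text = as_ranges(blocked_third_octets(pat, upper=299))
        print(f"{name}: octets 0-255 -> {real}; strings 0-299 -> {text}")
    # Pasted without fixing the pipes, the pattern matches no address at all.
    print("unfixed pipes:", blocked_third_octets(PATTERNS["full"], fix_pipes=False))
```

All three patterns block the same set for real octets; they differ only on strings above 255, which never occur in REMOTE_ADDR.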

Blue_Wizard

11:01 pm on Feb 13, 2004 (gmt 0)

10+ Year Member



JD
Thanks!
It seems to be working - there is the obvious spike in 403's and I can see in the log the problem user is jumping from IP to IP and still not getting anywhere (they kept trying for an hour and 30 minutes after getting the initial 403 after adding that code)

There is something quite rewarding about knowing halfway around the world some spammer is having fits of frustration.