Block IP ranges

         

vwsequeira

8:55 pm on Sep 29, 2006 (gmt 0)


Can you please let me know how to block the IP ranges

167.0.0.1 - 167.98.98.1

If I add the following code in .htaccess then I would need to add the same code 98 times?

deny from 167.0.0. (this will block 167.0.0.1 to 167.0.0.255)

Thank you,

Vincent

jdMorgan

10:47 pm on Sep 29, 2006 (gmt 0)


You can use Apache mod_setenvif and regular expressions to reduce that to 6 lines. Here, mod_setenvif sets the variable "blockit", which is then tested by the mod_access "Deny from" directive:

# Block 167.0.0.1 - 167.98.98.1
#
# block 167.0.0.1 through 167.0.0.255
SetEnvIf Remote_Addr ^167\.0\.0\.([1-9]¦[1-9][0-9]¦[12][0-9][0-9])$ blockit
#
# block 167.0.1.0 through 167.0.255.255
SetEnvIf Remote_Addr ^167\.0\.([1-9][0-9]?¦[12][0-9][0-9])\. blockit
#
# block 167.1.0.0 through 167.97.255.255
SetEnvIf Remote_Addr ^167\.([1-9]¦[1-8][0-9]¦9[0-7])\. blockit
#
# block 167.98.0.0 through 167.98.97.255
SetEnvIf Remote_Addr ^167\.98\.([0-9]¦[1-8][0-9]¦9[0-7])\. blockit
#
# block from 167.98.98.0 through 167.98.98.1
SetEnvIf Remote_Addr ^167\.98\.98\.[01]$ blockit
#
Deny from env=blockit

Note: I typed this rather quickly. There may be typos or construction errors, but I hope it will serve as an illustration of the method. Basically, do the "small chunks" at the beginning of the range, working up to the "big chunks" in the middle, and finally, the "small chunks" at the end.

The same idea can be implemented using CIDR notation, but I (personally) find it easier to use the method above.

The regular-expression patterns for 0-255 will actually match 0-299. This makes the pattern shorter, but is of no concern, because it is impossible to transmit an IP octet with a value greater than 255.

You must change all broken pipe "¦" characters above to solid pipe characters before use; posting on this board modifies the pipe characters.

Jim
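
The CIDR alternative mentioned in the reply above, as an added example that is not part of either post: Python's standard ipaddress module splits 167.0.0.1 - 167.98.98.1 into exact CIDR blocks for "Deny from" lines and checks the five posted patterns (solid pipes restored) against both sides of every block edge. The function names and the extra sample addresses are constructed for this example.

```python
import ipaddress
import re

START = ipaddress.IPv4Address("167.0.0.1")
END = ipaddress.IPv4Address("167.98.98.1")

# The five patterns from the reply above, with solid pipe characters restored.
PATTERNS = [re.compile(p) for p in (
    r"^167\.0\.0\.([1-9]|[1-9][0-9]|[12][0-9][0-9])$",
    r"^167\.0\.([1-9][0-9]?|[12][0-9][0-9])\.",
    r"^167\.([1-9]|[1-8][0-9]|9[0-7])\.",
    r"^167\.98\.([0-9]|[1-8][0-9]|9[0-7])\.",
    r"^167\.98\.98\.[01]$",
)]

def cidr_blocks(start=START, end=END):
    """CIDR networks that together cover exactly start..end."""
    return list(ipaddress.summarize_address_range(start, end))

def deny_lines(blocks):
    """One mod_access 'Deny from' directive per CIDR block."""
    return [f"Deny from {net}" for net in blocks]

def regex_blocks(addr):
    """True if any of the SetEnvIf patterns would set 'blockit' for addr."""
    return any(p.search(addr) for p in PATTERNS)

def in_range(addr):
    """True if addr lies numerically inside START..END."""
    return START <= ipaddress.IPv4Address(addr) <= END

def boundary_samples(blocks):
    """Constructed test addresses: both sides of every block edge, plus outsiders."""
    samples = {"166.255.255.255", "167.99.0.0", "167.100.0.1", "168.0.0.1"}
    for net in blocks:
        for a in (net.network_address - 1, net.network_address,
                  net.broadcast_address, net.broadcast_address + 1):
            samples.add(str(a))
    return sorted(samples)

def mismatches(samples):
    """Addresses where the regex verdict disagrees with the numeric range."""
    return [a for a in samples if regex_blocks(a) != in_range(a)]

if __name__ == "__main__":
    blocks = cidr_blocks()
    print("\n".join(deny_lines(blocks)))
    print("# blocks:", len(blocks), "addresses:", sum(b.num_addresses for b in blocks))
    print("# regex/range mismatches:", mismatches(boundary_samples(blocks)))
```

Running the same boundary check after any edit to the patterns catches an off-by-one at a range edge before the rules reach a live .htaccess.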