Forum Moderators: phranque


Deny by Remote Address

Need a double check

         

twist

9:44 pm on Dec 30, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I need to disallow,

255.255.128.0 - 255.255.191.255
255.88.255.255 - 255.89.255.255
255.255.200.4

Is this correct?

RewriteCond %{REMOTE_ADDR} ^255\.255\.(1[38][0-9]|12[89]|19[01])\. [OR]
RewriteCond %{REMOTE_ADDR} ^255\.8[89]\. [OR]
RewriteCond %{REMOTE_ADDR} ^255\.255\.200\.4
RewriteRule ^.*$ - [F]

encyclo

2:30 am on Dec 31, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Using mod_rewrite is overkill for simple IP address blocking - you are probably better off using mod_access [httpd.apache.org] instead. Then all you need is something like:

Order Deny,Allow
Deny from 255.255.128/191
Deny from 255.88/89
Deny from 255.255.200.4

Note: above is untested, I'm not 100% sure of the syntax for the specific IP address ranges.

jdMorgan

4:22 am on Dec 31, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member




RewriteCond %{REMOTE_ADDR} ^255\.255\.(12[89]|1[3-8][0-9]|19[01])\. [OR]
RewriteCond %{REMOTE_ADDR} ^255\.8[89]\. [OR]
RewriteCond %{REMOTE_ADDR} ^255\.255\.200\.4$
RewriteRule ^.*$ - [F]

Jim

twist

7:06 pm on Dec 31, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Every time I tried using the "/" to show a range I would get this error,

invalid mask in network/netmask

Thanks Jim for correcting my code, I just knew I had something wrong. I didn't want to accidentally ban the wrong people.

jdMorgan

10:35 pm on Dec 31, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



There is no support in any Apache module for direct entry of a numerical range, such as 128-255. As I stated in a previous thread, only character ranges are supported, such as 0-9 or a-z. The mod_access module and several others recognize network/netmask notation, as in 192.168.0.128/255.255.255.128 and network/CIDR notation, such as 192.168.0.128/25, both of which are equivalent. I don't know of any module that would recognize 192.168.0.128-255 though.

Jim
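An added example, not part of any post in this thread: a Python check that enumerates which octet values each RewriteCond pattern posted above actually matches, and converts the first range into the network/CIDR form that mod_access accepts. The helper names are hypothetical and the addresses are the placeholder values used in the thread.

```python
import ipaddress
import re

# Patterns copied from the thread (pipes written as "|").
ORIGINAL = r"^255\.255\.(1[38][0-9]|12[89]|19[01])\."
CORRECTED = r"^255\.255\.(12[89]|1[3-8][0-9]|19[01])\."
HOST_UNANCHORED = r"^255\.255\.200\.4"
HOST_ANCHORED = r"^255\.255\.200\.4$"


def matched_values(pattern, template):
    """Return every octet value 0-255 for which the pattern matches
    the address built by substituting that value into template."""
    rx = re.compile(pattern)
    return {n for n in range(256) if rx.search(template.format(n))}


def deny_lines(first, last):
    """Collapse an inclusive address range into 'Deny from <CIDR>' lines."""
    blocks = ipaddress.summarize_address_range(
        ipaddress.IPv4Address(first), ipaddress.IPv4Address(last))
    return [f"Deny from {block}" for block in blocks]


def coverage(pattern, wanted, template):
    """Return (missed, extra) octet values relative to the wanted set."""
    got = matched_values(pattern, template)
    return sorted(wanted - got), sorted(got - wanted)


if __name__ == "__main__":
    wanted = set(range(128, 192))  # third octet 128-191 inclusive
    for name, pat in (("original", ORIGINAL), ("corrected", CORRECTED)):
        missed, extra = coverage(pat, wanted, "255.255.{}.1")
        print(f"{name}: missed={missed} extra={extra}")
    for name, pat in (("no $", HOST_UNANCHORED), ("with $", HOST_ANCHORED)):
        hits = sorted(matched_values(pat, "255.255.200.{}"))
        print(f"host rule {name}: last octets matched={hits}")
    for line in deny_lines("255.255.128.0", "255.255.191.255"):
        print(line)
```

Running the same enumeration before deploying any new deny pattern shows both under-blocking (missed values) and over-blocking (extra values) without touching the live server.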

py9jmas

12:19 am on Jan 1, 2006 (gmt 0)

10+ Year Member



Are you actually seeing requests from those IPs? Anything between 224.0.0.0 and 255.255.255.255 is either broadcast, multicast or unassigned. Nothing should be sending out requests with source addresses in this range.

If you are seeing requests from these IPs, something very wrong is probably happening.

jdMorgan

12:50 am on Jan 1, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



A fair question, that. I assume they were intentionally-obscured addresses; IP addresses that resolve to actual sites are generally removed or obscured by the mods and admins here, in accordance with our TOS and Forum Charters.

Jim

twist

1:53 am on Jan 1, 2006 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Yes, I changed the numbers.