Welcome to WebmasterWorld Guest from

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Using "deny from" in .htaccess

can countries be denied?

11:35 am on May 21, 2003 (gmt 0)

New User

10+ Year Member

joined:Apr 28, 2003
votes: 0

In my .htaccess file I do have some IP's listed
under <Limit GET>
for example

order deny,allow
deny from .edu
deny from
deny from 23.45.
# above just as example

Where I had read in the apache documentation files
a domain or partial domain is allowed to be used
in the allow or deny, I finally got tired of educational
facilities accessing my site, and have not found any
of them to be of benefit.

Can anyone tell me if my newest entry of
deny from .edu
will work, or not?

Additionally, if a "lookup" is done when a domain
or partial domain is specified (according to the apache
doc that I read).... my guess is that the
deny from .edu
"should work" and "should" match for any and all
educational domains.

If that is true, that a lookup is done for a domain or
partial domain, then I am curious if the following
deny from .ca
would work for blocking all of Canada (or any other
two letter country code). Does anyone know about
this aspect? Could a person have a listing of
deny from .cn
deny from .tw
deny from .hk
or similar listing under their <Limit GET> .... it would
surely cut down on the number of IP numbers to be
listed or the amount of regex to be used for
REMOTE_ADDR entries.

And my final question that I am curious about.
I already know that a complete or partial IP can
be listed for use with allow or deny under <Limit GET>
and regex can be used alike the next
RewriteCond %{REMOTE_ADDR} ^204\.251\.([2-3])\. [OR]

.... but I am puzzled about the other format that apache
docs mention for allow or deny where the IP number
is written in CIDR (? is that correct) format such as
deny from
..... my puzzled aspect is "what does the /number
represent?.... is that "number of bits" that are or'ed
with the "starting IP number"? Not sure if it would be
"or'ing" or "and'ing" but I remember something about
working with binary numbers from my old CP/M days
and my calculator handles binary, hex, and other
numbers quite nicely. I'm must puzzled about what
the CIDR format means with the /number(s) at the end.


4:45 pm on May 21, 2003 (gmt 0)

Senior Member

WebmasterWorld Senior Member jdmorgan is a WebmasterWorld Top Contributor of All Time 10+ Year Member

joined:Mar 31, 2002
votes: 0


A quick read of this page [httpd.apache.org] should answer all of your technical questions.

Banning by country code is rather arbitrary (IMHO) and doesn't always work. Some people use ISPs in adjacent countries, some use satellite/radio internet, and the really bad guys use open proxies so you can't tell where they come from, really. YMMV.