Welcome to WebmasterWorld Guest from 54.196.233.239

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Banning an ip with .htaccess?

     

u4eas

5:52 pm on Apr 19, 2005 (gmt 0)

10+ Year Member



Ok, we have a site (forum based) that was defaced lastnight. I wanted to find out if there is a way we can use the .htaccess file to ban an ip from our entire site. And maybe redirect that user to a specific page showing hes banned.

Thanks in advance!

soquinn

6:10 pm on Apr 19, 2005 (gmt 0)

10+ Year Member



I believe you can use something like this:

<Limit GET>
order allow,deny
allow from all
deny from 55.55.555.555 55.555.555/27
</Limit>

Where 55.55.555.555 is a full IP address and/or 55.555.555/27 could be the CIDR Range of the ISP. Leave a space between each one if you list more then one. May be someone else can confirm?

Gelignite

6:12 pm on Apr 19, 2005 (gmt 0)

10+ Year Member



#deny domain
Deny from foo.nasty.com
Deny from nasty.com

# deny full ip address
Deny from x.x.x.x

Allow from ALL

Once i used something like this but unfortunately i am not sure if it works.

u4eas

7:13 pm on Apr 19, 2005 (gmt 0)

10+ Year Member



Cool Ill try those later, is there a way we can redirect the ip to one page. The page may even be another domain.

soquinn

7:28 pm on Apr 19, 2005 (gmt 0)

10+ Year Member



Not completely sure but... the banned IP returns a 403 I believe so you could add this to .htaccess and make a custom error403.php page or maybe even point them anywhere:

ErrorDocument 403 ht*p://www.yoursite.com/error403.php

You'll have to play with it.

Longhaired Genius

7:38 pm on Apr 19, 2005 (gmt 0)

10+ Year Member



You can use something like this using mod_rewrite to direct a particular banned IP address to a particluar page.

Replace 00.00.00.00 with the banned IP address.
Replace banned.html with the page you want to send him to.

# begin .htaccess code

RewriteEngine On
Options +FollowSymlinks

# directs banned user to "banned" page
RewriteCond %{REMOTE_ADDR} ^00.00.00.00$
RewriteRule!banned.html [example.com...] [L]

# end .htaccess code

To send the unwanted visitor offsite replace the RewriteRule with

RewriteRule ^.*$ [remote-url.com...] [L]

EDIT: there should be a space before the "!". The forum software removes it.

u4eas

8:26 pm on Apr 19, 2005 (gmt 0)

10+ Year Member



Many thanks we will give it a try.

sitz

12:44 am on Apr 20, 2005 (gmt 0)

10+ Year Member



#deny domain
Deny from foo.nasty.com
Deny from nasty.com

Yes, you can do it this way, but by IP address is infinitely preferable; if you limit access based on hostname, Apache will need to perform a DNS lookup on the IP address which can result in a significant performance hit. The effect of this can be mitigated somewhat by running ncsd (although that has its own pitfalls, not the least of which is that it doesn't obey DNS TTL rules) or a caching-only nameserver bound to localhost on the same box (or on the same network segment) as the webserver, and tweaking your resolv.conf accordingly. Even so, by IP address really is the way to go unless you have no alternative.

 

Featured Threads

Hot Threads This Week

Hot Threads This Month