Welcome to WebmasterWorld Guest from 54.198.229.157

Forum Moderators: Ocean10000 & incrediBILL & phranque

Message Too Old, No Replies

Banning an ip with .htaccess?

     
5:52 pm on Apr 19, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 5, 2003
posts:156
votes: 0


Ok, we have a site (forum based) that was defaced lastnight. I wanted to find out if there is a way we can use the .htaccess file to ban an ip from our entire site. And maybe redirect that user to a specific page showing hes banned.

Thanks in advance!

6:10 pm on Apr 19, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:June 2, 2003
posts:113
votes: 0


I believe you can use something like this:

<Limit GET>
order allow,deny
allow from all
deny from 55.55.555.555 55.555.555/27
</Limit>

Where 55.55.555.555 is a full IP address and/or 55.555.555/27 could be the CIDR Range of the ISP. Leave a space between each one if you list more then one. May be someone else can confirm?

6:12 pm on Apr 19, 2005 (gmt 0)

New User

10+ Year Member

joined:Apr 18, 2005
posts:17
votes: 0


#deny domain
Deny from foo.nasty.com
Deny from nasty.com

# deny full ip address
Deny from x.x.x.x

Allow from ALL

Once i used something like this but unfortunately i am not sure if it works.

7:13 pm on Apr 19, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 5, 2003
posts:156
votes: 0


Cool Ill try those later, is there a way we can redirect the ip to one page. The page may even be another domain.
7:28 pm on Apr 19, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:June 2, 2003
posts:113
votes: 0


Not completely sure but... the banned IP returns a 403 I believe so you could add this to .htaccess and make a custom error403.php page or maybe even point them anywhere:

ErrorDocument 403 ht*p://www.yoursite.com/error403.php

You'll have to play with it.

7:38 pm on Apr 19, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Aug 28, 2002
posts:564
votes: 0


You can use something like this using mod_rewrite to direct a particular banned IP address to a particluar page.

Replace 00.00.00.00 with the banned IP address.
Replace banned.html with the page you want to send him to.

# begin .htaccess code

RewriteEngine On
Options +FollowSymlinks

# directs banned user to "banned" page
RewriteCond %{REMOTE_ADDR} ^00.00.00.00$
RewriteRule!banned.html [example.com...] [L]

# end .htaccess code

To send the unwanted visitor offsite replace the RewriteRule with

RewriteRule ^.*$ [remote-url.com...] [L]

EDIT: there should be a space before the "!". The forum software removes it.

8:26 pm on Apr 19, 2005 (gmt 0)

Junior Member

10+ Year Member

joined:Apr 5, 2003
posts:156
votes: 0


Many thanks we will give it a try.
12:44 am on Apr 20, 2005 (gmt 0)

Preferred Member

10+ Year Member

joined:Mar 1, 2005
posts:374
votes: 0


#deny domain
Deny from foo.nasty.com
Deny from nasty.com

Yes, you can do it this way, but by IP address is infinitely preferable; if you limit access based on hostname, Apache will need to perform a DNS lookup on the IP address which can result in a significant performance hit. The effect of this can be mitigated somewhat by running ncsd (although that has its own pitfalls, not the least of which is that it doesn't obey DNS TTL rules) or a caching-only nameserver bound to localhost on the same box (or on the same network segment) as the webserver, and tweaking your resolv.conf accordingly. Even so, by IP address really is the way to go unless you have no alternative.