htaccess and cgi-bin password problems

which <Files> directive to use


nancyb

12:32 am on Jul 19, 2005 (gmt 0)

Been reading old posts and googling all day. Learned a lot, but still confused.

To start with, is it better to use the Example #1 <Files> directive over the <Files> directive in Example #2?

Or, do I need the <Files> directive at all or can I just use as in Example #3

Example #1:

# set env var "ban" when Remote_Addr matches this address range (third octet 128-191)
SetEnvIf Remote_Addr ^#*$!\.xx\.1(2[89]|[3-8][0-9]|9[01])\. ban
<Files ~ "^.*$">
order allow,deny
allow from all
deny from env=ban
</Files>

Example #2:

SetEnvIf Remote_Addr ^#*$!\.xx\.1(2[89]|[3-8][0-9]|9[01])\. ban
<Files *>
order allow,deny
allow from all
deny from env=ban
</Files>

Example #3:

SetEnvIf Remote_Addr ^#*$!\.xx\.1(2[89]|[3-8][0-9]|9[01])\. ban
order allow,deny
allow from all
deny from env=ban

Next question:

I found some posts that said to prevent scammers, rippers, etc. from seeing your .htaccess rules you need to use:
<Files .htaccess>
order allow,deny
deny from all
</Files>

If I use the <Files> directive as in Example #1 or #2, will that automatically prevent anyone seeing .htaccess?

All this searching and learning came about because I had trouble trying to password protect a sub directory of cgi-bin. After the password was added I could no longer use the application that accessed that sub directory. The password just wasn't accepted. Tech support took a look and told me the application wasn't recognizing the password. They said the problem was my .htaccess and I needed to get rid of the code I was using, which is what is in Example #1.

Doesn't make sense to me, but I can't seem to get any further help from tech support on this.

I want to use that app in the cgi-bin folder, but I don't understand enough to figure out what is causing the problem.

jdMorgan

1:53 am on Jul 20, 2005 (gmt 0)

To combine these, you can do this:

# each SetEnvIf sets "ban" for one case: the address range, or a request for .htaccess/.htpasswd
SetEnvIf Remote_Addr ^***\.**\.1(2[89]|[3-8][0-9]|9[01])\. ban
SetEnvIf Request_URI \.htaccess$ ban
SetEnvIf Request_URI \.htpasswd$ ban
<Files *>
Order Allow,Deny
Allow from all
Deny from env=ban
</Files>

As to which approach is better, that all depends on what you are trying to accomplish. Since you want to block access for two cases (any request from that IP address or any request for .htaccess), I'd say the above approach is a good one.

Jim

nancyb

2:39 am on Jul 20, 2005 (gmt 0)

Jim to the rescue again ....

Actually I want to add a number of other bans, so is <Files *> still ok?

I can't seem to wrap my mind around the difference between the <Files ~ "^.*$"> and <Files *>.

Thank you Jim!

jdMorgan

2:50 am on Jul 20, 2005 (gmt 0)

<Files ~ "^.*$"> is the regular-expressions format for specifying all files. The regular expression "^.*$" means "exactly the string 'any number of any characters'." Breaking it down, "^" is a start anchor, "." means "any single character", "*" means "zero or more of the preceding character or grouped (parenthesized) expression", and "$" is an end-anchor.

<Files *> is the 'simple' format for specifying all files.

So they are entirely equivalent.

For help with regular expressions, see the tutorial cited in the Apache forum charter.

Jim

nancyb

3:01 am on Jul 20, 2005 (gmt 0)

From my reading I thought they were equivalent, but wasn't sure since so many folks seemed to use the longer version.

Thanks again for clearing my muddled brain :)

jbgilbert

4:58 pm on Aug 1, 2005 (gmt 0)

JD

SetEnvIf Remote_Addr ^***\.**\.1(2[89]|[3-8][0-9]|9[01])\. ban
SetEnvIf Request_URI \.htaccess$ ban
SetEnvIf Request_URI \.htpasswd$ ban
<Files *>
Order Allow,Deny
Allow from all
Deny from env=ban
</Files>

Seems a bit much in my case, but what I have below appears not to be working? Do you see an issue with this?

AddType text/html .shtml .html .htm
AddHandler server-parsed .shtml .html .htm
ErrorDocument 404 /404page.shtml
<Files *>
order deny,allow
deny from 71.96.36.8
allow from all
</Files>

My friend at 71.96.36.8 says he is able to access the site with this .htaccess file just fine? He should not be able to?

jdMorgan

5:57 pm on Aug 1, 2005 (gmt 0)

Yes, I would recommend two things:

1) Thoroughly review the meaning of the "Order" directive here: [httpd.apache.org...]

2) Tell your friend to flush his browser cache (Temporary internet files) *after* you correct your code. Otherwise, he'll probably see an old cached copy of your page, and report to you that your code does not work.

Jim

jbgilbert

6:04 pm on Aug 1, 2005 (gmt 0)

Boy, even after reviewing the Apache doc, this is confusing......

This does not work
<Files *>
order deny,allow
deny from 71.96.36.8
allow from all
</Files>

this does
<Files *>
order allow,deny
allow from all
deny from 71.96.36.8
</Files>

Then what I really wanted messed it up even more.
Tried adding both of these, so I could deny the hacker AND allow only my IP to access the secret directory.

<Files *>
order allow,deny
allow from all
deny from 71.96.36.8
</Files>
# now that the hacker is denied successfully, tighten
# down and allow ONLY me access to the secret
# directory

<Directory /secretadmindirectory*>
order deny,allow
deny from all
allow from xx.xx.xx.x
</Directory>

so how do you combine these guys?

jdMorgan

7:27 pm on Aug 1, 2005 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



You may use only one Order directive per .htaccess file, and <Directory> may only be used in httpd.conf, not .htaccess.

The easiest solution is to put the restriction on the "secret directory" into an .htaccess file *in* that directory.

For more complex mod_access constructs, you can extend its functionality by using the SetEnvIf directive (mod_setenvif). This allows Allow from and Deny from to act based on more than hostnames and IP addresses, allowing you to control access by User-agent, Remote-Host, Request-URI, and a bunch of other server variables.

Also, mod_rewrite may prove to be more flexible for your needs -- See the documentation cited in our forum charter [webmasterworld.com].

Jim
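The Order confusion in jbgilbert's two attempts, and Jim's combined SetEnvIf/env=ban approach, both come down to one evaluation rule from the mod_access documentation: with Order Deny,Allow a matching Deny is overridden by any matching Allow (so "deny from 71.96.36.8" followed by "allow from all" lets the host in), while with Order Allow,Deny an Allow must match and then any matching Deny wins. The following is an added example, not code from the thread or from Apache: a small Python simulator of that rule (Apache 2.2 mod_access semantics, provided by mod_access_compat in 2.4, where Require is the modern replacement) fed with the thread's own .htaccess fragments. It handles only SetEnvIf, Order, Allow and Deny, skips the <Files *> wrappers because they match every file, and uses constructed documentation addresses (203.0.x.x, 198.51.100.7) in place of the octets the posters obfuscated.

```python
"""Constructed simulator of Apache 2.2 mod_access Order/Allow/Deny evaluation
with mod_setenvif's SetEnvIf feeding env=NAME rules.  Added example code,
not Apache's own; only the directives used in the thread are modelled."""
import ipaddress
import re


def parse_access_rules(htaccess_text):
    """Collect SetEnvIf, Order, Allow and Deny lines from .htaccess text."""
    cfg = {"setenvif": [], "order": None, "allow": [], "deny": []}
    for raw in htaccess_text.splitlines():
        line = raw.strip()
        # comments, and <Files *> / </Files> wrappers that cover every file
        if not line or line.startswith(("#", "<")):
            continue
        parts = line.split()
        name = parts[0].lower()
        if name == "setenvif" and len(parts) >= 4:
            var, pattern, envname = parts[1].lower(), parts[2], parts[3]
            cfg["setenvif"].append((var, re.compile(pattern), envname))
        elif name == "order":
            cfg["order"] = parts[1].lower()  # the last Order in the file wins
        elif name in ("allow", "deny") and parts[1].lower() == "from":
            cfg[name].extend(parts[2:])
    return cfg


def apply_setenvif(cfg, request):
    """Return the env names whose SetEnvIf regex matches this request."""
    return {envname for var, regex, envname in cfg["setenvif"]
            if regex.search(request.get(var, ""))}


def host_matches(spec, remote_addr, env):
    """One Allow/Deny host spec: all, env=NAME, a.b.c.d/nn, or a full or
    partial dotted address (leading octets)."""
    if spec.lower() == "all":
        return True
    if spec.startswith("env="):
        return spec[4:] in env
    if "/" in spec:
        return ipaddress.ip_address(remote_addr) in ipaddress.ip_network(spec, strict=False)
    octets = spec.split(".")
    if all(o.isdigit() for o in octets):
        return remote_addr.split(".")[: len(octets)] == octets
    return False  # host-name specs would need reverse DNS; not modelled


def is_allowed(cfg, request):
    """Apply the Order semantics documented for mod_access."""
    env = apply_setenvif(cfg, request)
    addr = request["remote_addr"]
    allowed = any(host_matches(s, addr, env) for s in cfg["allow"])
    denied = any(host_matches(s, addr, env) for s in cfg["deny"])
    order = cfg["order"] or "deny,allow"  # Apache's default Order
    if order in ("allow,deny", "mutual-failure"):
        return allowed and not denied  # an Allow must match, and no Deny may
    if order == "deny,allow":
        return allowed or not denied  # a matching Allow overrides any Deny
    raise ValueError("unknown Order: " + order)


def check(htaccess_text, remote_addr, request_uri="/index.html"):
    """Would this client get this URI under this .htaccess text?"""
    request = {"remote_addr": remote_addr, "request_uri": request_uri}
    return is_allowed(parse_access_rules(htaccess_text), request)


# jbgilbert's first attempt: Deny runs first, but "allow from all" also
# matches and overrides it, so 71.96.36.8 still gets in.
DENY_ALLOW = r"""
<Files *>
order deny,allow
deny from 71.96.36.8
allow from all
</Files>
"""

# The version he reports working: everyone passes Allow, then Deny rejects the host.
ALLOW_DENY = r"""
<Files *>
order allow,deny
allow from all
deny from 71.96.36.8
</Files>
"""

# Jim's combined approach.  203.0 is a constructed prefix standing in for the
# obfuscated octets; the third-octet alternation (128-191) is the thread's own.
COMBINED = r"""
SetEnvIf Remote_Addr ^203\.0\.1(2[89]|[3-8][0-9]|9[01])\. ban
SetEnvIf Request_URI \.htaccess$ ban
SetEnvIf Request_URI \.htpasswd$ ban
<Files *>
Order Allow,Deny
Allow from all
Deny from env=ban
</Files>
"""

# The rule Jim says belongs in the secret directory's own .htaccess;
# 198.51.100.7 is a constructed stand-in for "xx.xx.xx.x".
SECRET_DIR = r"""
order deny,allow
deny from all
allow from 198.51.100.7
"""

if __name__ == "__main__":
    print(check(DENY_ALLOW, "71.96.36.8"))              # True: the surprise in the thread
    print(check(ALLOW_DENY, "71.96.36.8"))              # False
    print(check(COMBINED, "203.0.150.9"))               # False: address range banned
    print(check(COMBINED, "203.0.200.1", "/.htaccess")) # False: file banned
    print(check(SECRET_DIR, "198.51.100.8"))            # False: only one address allowed
```

Two practical notes on the thread's other questions. Because the simulator ignores the <Files *> wrapper, it also shows why nancyb's Examples #1, #2 and #3 behave the same: bare Order/Allow/Deny lines in an .htaccess already apply to every file in that directory. And a <Files *> block does not by itself hide .htaccess; that needs a separate Deny (or env=ban) rule for the .ht* names as in Jim's fragment, though the stock httpd.conf that ships with Apache already contains such a block, so check the server configuration before adding a duplicate.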