Rewrite ranges

         

wilderness

4:04 pm on Aug 5, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



This topic was "once" very on-topic for this forum.
Considering today that an Apache forum has a quite dedicated moderator, I still consider this on-topic for SSID.

I've decided to allow access to the Scandinavian countries, which I've long had denied.
The difficulty in the 3200+ IP ranges lies in the translation and/or conversion from the "ranges desired to allow" versus creating the blacklisting Rewrites with the ranges excluded.

Although I realize that I'm "reaching for a straw", I'm wondering if anybody has any suggestions over and above manual creation?

EX:
193.17.188.0 193.17.188.255
193.17.202.0 193.17.202.255
193.17.206.0 193.17.206.255
193.17.207.0 193.17.207.255
193.17.211.0 193.17.211.255
193.17.218.0 193.17.218.255
193.17.231.0 193.17.231.255
193.17.67.0 193.17.67.255
193.17.72.0 193.17.72.255

The above ranges result in this long line (not to mention time consuming to create)(that only leaves 3,199+ lines)

193\.17\.([0-9]|[1-5][0-9]|6[0-6]|6[89]|7[01]|7[3-9]|[89][0-9]|1[0-7][0-9]|18[0-7]|189|19[0-9]|20[01]|20[345]|20[89]|210|21[2-7]|219|22[0-9]|230|23[2-9]|2[45][0-9])\.

Pfui

7:49 am on Aug 6, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



For regex aficionados possessing the requisite mental facility to do/decipher it, cool.

For the chronically regex-challenged amongst us...

When I see a bunch of bad neighboring IPs, I note the CIDRs, then use the invaluable ip2cidr.com to combine smaller 'deny from' ranges into ever larger blocks. Not too time-consuming and a LOT less error-prone. And a lot easier on the eyes!

wilderness

1:48 pm on Aug 6, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



many thanks.

Perhaps it's my browser or connection, however I tested the bulk converter using the ranges I provided and nothing.

These 193 ranges were a very small group.

I'm working on the 192, which easily exceeds 200 lines of IP ranges.

Pfui

5:45 pm on Aug 6, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



If the following is all off-point, "Nevermind." :) Otherwise...

1.) I don't know what you mean by 'nothing' but in case it helps, here are the standard 'deny from' conversions for the ranges you provided in your OP (to which I added dashes and ordered low-to-high):

193.17.67.0 - 193.17.67.255
deny from 193.17.67.0/24

(in-between: deny from 193.17.68.0/22)

193.17.72.0 - 193.17.72.255
deny from 193.17.72.0/24

-----

193.17.188.0 - 193.17.188.255
deny from 193.17.188.0/24

193.17.202.0 - 193.17.202.255
deny from 193.17.202.0/24

193.17.206.0 - 193.17.206.255
deny from 193.17.206.0/24

193.17.207.0 - 193.17.207.255
deny from 193.17.207.0/24

193.17.211.0 - 193.17.211.255
deny from 193.17.211.0/24

193.17.218.0 - 193.17.218.255
deny from 193.17.218.0/24

193.17.231.0 - 193.17.231.255
deny from 193.17.231.0/24

The shortest forms would be to simply lop off the final ".0/24" parts -- e.g., deny from 193.17.231 -- unless doing so would be less efficient? CUE jdM:)

2.) I know you're looking to pick-and-choose but ALL of that latter, bigger bunch, including all in-betweens, can be denied in three lines:

deny from 193.17.188.0/22
deny from 193.17.192.0/19
deny from 193.17.224.0/21

3.) About the 192s: Unless you're really keen on picking through them, you could consider simply rewriting ^192 to a special page where any legit visitor could e-mail you (via a reCAPTCHA'd address if desired) for access.

(Aside: It's interesting to hear you've been beset by bad Scandinavian visitors. Compared to a region like Australasia, I have little to no trouble with Nordic countries. (knocks wood) Mostly with just a few .se Hosts that I selectively rewrite.)

wilderness

11:02 pm on Aug 6, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Pfui,
Many thanks for your effort.
I'm focused on ONLY allowing the Scandinavian Countries (heavy widget territory), thus allowing the entire 192 is beyond my limits of reason and/or tolerance ;)

mod_access is NOT an option.
The range examples I've provided are ALLOW ranges.

Since you're the only response to this thread, I'm going to assume that an alternative (other than manual creation) does not exist (which I was already keen on).

3.) About the 192s: Unless you're really keen on picking through them, you could consider simply rewriting ^192 to a special page where any legit visitor could e-mail you (via a reCAPTCHA'd address if desired) for access.

Doesn't CAPTCHA require Java?
My sites do not utilize any Java and/or scripts (by design).

(Aside: It's interesting to hear you've been beset by bad Scandinavian visitors. Compared to a region like Australasia, I have little to no trouble with Nordic countries. (knocks wood) Mostly with just a few .se Hosts that I selectively rewrite.)

Early on with my sites, I grew weary rapidly on non-NA regions crawling my sites while I was sleeping. And reacted accordingly.
I've even had some of the countries duplicate materials from my sites with little chance of compromise for removal. In addition, I neither speak nor read any language other than English. The online translators (as improved as they are) are still ineffective.
I may be wasting my time with this effort, however many Scandinavians are aware of me, my sites and their content, whether this will make any difference today and my presence as it was in 2000-01 is unknown.

As an aside, I've grown quite accustomed to NOT having to bother with the many, many types of Bots and other UA's that come from Euro countries and I'm sure to find that frustrating.

Generally speaking (and even though Oceanic and Scandinavian countries offer a bigger market share (for my widgets) than most of the western US Time Zones), I don't visit their sites, and only very, very rarely do I make an exception. ("goose and gander").

Pfui

7:08 pm on Aug 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



1.) Carnegie Mellon University's "mailhide" version of the free reCAPTCHA service (see: recaptcha.net) works A-OK without any server- or page-based bells 'n' whistles.

After I bid adieu to mail forms a while back, I opted to use a graphic address on most pages and the e-mail version of reCAPTCHA for pages I know bots like to go. (I only wish I could get my brain around combining reCAPTCHA w/ a complicated Perl form.) Anyway...

2.) Right now I apply specific sets of Geo IP ranges from the first link; perhaps you might find the latter workable?

www countryipblocks.net/country-blocks/htaccess-deny-format/
www countryipblocks.net/country-blocks/htaccess-allow-format/
(not live-linked per policy req.)

3.) If you (or anyone else out there -- hello? Hellllo?) ever come up with a non-regex solution for cherry picking aye-and-nay ranges, please reply here. Thanks:)
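
A non-regex way to do the allow-to-deny conversion discussed above, added here as an example and not part of the original thread: it takes the allow ranges from the opening post, computes every CIDR block in 193.17.0.0/16 that they leave uncovered, and checks the hand-built regex against that list. The enclosing /16 scope and the function names are assumptions of this example.

```python
import ipaddress
import re
# Allow ranges copied from the opening post as (first, last) address pairs.
ALLOW = [
    ("193.17.67.0", "193.17.67.255"), ("193.17.72.0", "193.17.72.255"),
    ("193.17.188.0", "193.17.188.255"), ("193.17.202.0", "193.17.202.255"),
    ("193.17.206.0", "193.17.206.255"), ("193.17.207.0", "193.17.207.255"),
    ("193.17.211.0", "193.17.211.255"), ("193.17.218.0", "193.17.218.255"),
    ("193.17.231.0", "193.17.231.255"),
]
SCOPE = "193.17.0.0/16"  # assumption: the rest of this /16 is to be denied
# Hand-built pattern from the opening post, written with "|" and a leading 193.
HAND_REGEX = re.compile(
    r"193\.17\.([0-9]|[1-5][0-9]|6[0-6]|6[89]|7[01]|7[3-9]|[89][0-9]|1[0-7][0-9]"
    r"|18[0-7]|189|19[0-9]|20[01]|20[345]|20[89]|210|21[2-7]|219|22[0-9]|230"
    r"|23[2-9]|2[45][0-9])\.")

def to_cidrs(ranges):
    """Convert (first, last) pairs to a merged, sorted list of CIDR networks."""
    nets = []
    for first, last in ranges:
        nets.extend(ipaddress.summarize_address_range(
            ipaddress.ip_address(first), ipaddress.ip_address(last)))
    return list(ipaddress.collapse_addresses(nets))

def deny_blocks(ranges, scope=SCOPE):
    """Return the CIDRs inside scope that no allow range covers."""
    remaining = [ipaddress.ip_network(scope)]
    for allow in to_cidrs(ranges):
        kept = []
        for block in remaining:
            if allow.subnet_of(block):
                kept.extend(block.address_exclude(allow))  # cut the hole out
            elif not block.subnet_of(allow):
                kept.append(block)  # disjoint from this allow range
        remaining = kept
    return list(ipaddress.collapse_addresses(remaining))

def regex_disagreements(pattern, ranges):
    """Third octets where the regex and the computed deny list differ."""
    denied = deny_blocks(ranges)
    return [octet for octet in range(256)
            if bool(pattern.search(f"193.17.{octet}.1"))
            != any(ipaddress.ip_address(f"193.17.{octet}.1") in n for n in denied)]

if __name__ == "__main__":
    for net in deny_blocks(ALLOW):
        print("deny from", net)
    print("regex mismatches:", regex_disagreements(HAND_REGEX, ALLOW))
```

An empty mismatch list means the regex and the CIDR list block the same third octets; the same functions work on a longer allow list such as the 192 ranges by changing `ALLOW` and `SCOPE`.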

dstiles

10:14 pm on Aug 8, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



You could set up your own dsnrbl - like a spam blacklist but populated with your own IPs in singles or ranges. Linux rbldnsbl (wrbldnsbl for windows) holds the range in memory and is reputed to be very fast. I'm considering this possibility once I've managed to prove it for mail blacklisting. The beauty of this is the ready availability of country-based ranges formatted for rbldsbl.

CAPTCHA - I've never got around to implementing this but I did come across a CSS solution a year or so back. Fairly easy to bypass, I suspect, but may be suitable for some circumstances.

GaryK

3:31 am on Aug 9, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I wrote a CAPTCHA that requires a server-side .dll file for image creation, a standard HTML form, and some server-side scripting; I use VBScript. I quit using it because a few JavaScript tricks do the job for me. If people can't be bothered to activate JS then I can't be bothered to hear from them. You're welcome to use my code.

dstiles

8:45 pm on Aug 9, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Thanks, Gary, but it's not a case of development time but deployment time.

Don't be hard on people who turn off javascript. I always used to complain about them until the new wave of JS exploits became rife. Now I block JS on all sites except a very few that I need.

I now use NoScript in Firefox and recommend all my customers and contacts to do the same. So far, using it has blocked one injection attempt for me and not using it has let through an exploit on my brother's machine. :(

wilderness

8:58 pm on Aug 9, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



you could set up your own dsnrbl

I didn't have much luck finding valid references to this on a google.
There are multiple spelling variations, one even included a separation with an underscore.

Still considering the variations, no success that provided any details.

TIA

dstiles

9:14 pm on Aug 9, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Sorry, my blunders. A bit of dyslexic typing creeping in and a missing letter at the end:

dnsbl (generic term)
rbldnsd (Linux tool)
wrbldnsd (windows version of rbldnsd)

GaryK

2:40 am on Aug 10, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



I now use NoScript in Firefox and recommend all my customers and contacts to do the same.

Same here, Don. And the overwhelming majority of visitors to the browser project use Firefox, so all I'm really saying is they should also be using NoScript and whitelist my site.