IP Range and CIDR

Blocking with cPanel

         

azlinda

4:52 pm on Jun 14, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I have an ignorant question. When you see:

67.213.208.0/20
67.213.208.0 - 67.213.223.255

Do you block the top line (I'm using the IP blocker in cPanel) and then block the bottom line? What is the difference between the top line and the bottom line?


- - -

[edited by: keyplyr at 6:29 pm (utc) on Jun 14, 2018]
[edit reason] clean-up [/edit]

QuaterPan

5:00 pm on Jun 14, 2018 (gmt 0)



The first line in your example is the CIDR notation - [en.wikipedia.org...]

The second line is the range's beginning and ending (easier to understand for a human :))

Both lines mean the same.

keyplyr

6:35 pm on Jun 14, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



@azlinda

Using cPanel you can block with the following formats:

• Single IP address, example: 67.213.208.1

• IP address Range, example: 67.213.208.0–67.213.208.255
or 67.213.208.0–255

• CIDR format, example: 67.213.208.0/20

• Using Wildcard, example: 67.213.*.*

• Domain Name, example: uk2group.com

Note - most server farms also lease ranges to ISPs or private broadband, so mixed in with those hosting ranges are humans. If you block server farm ranges it is imperative that you closely watch your raw server logs to see exactly who is getting blocked. You will likely need to allow access to a few commonly used browser or app UAs.
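Added example, not part of any post in this thread: a Python sketch that turns the entry formats listed above into CIDR networks, so you can see exactly which addresses an entry covers before you add it. The function names are hypothetical and the parsing follows the formats as written in the post, not cPanel's own code; domain-name entries are left out because they need a DNS lookup.

```python
import ipaddress

def to_networks(entry):
    """Normalize one block-list entry to a list of IPv4 networks."""
    entry = entry.strip().replace("\u2013", "-")   # the post writes ranges with an en dash
    if "/" in entry:                               # CIDR: 67.213.208.0/20
        return [ipaddress.ip_network(entry)]       # rejects a start address not on the boundary
    if "*" in entry:                               # wildcard: 67.213.*.*
        octets = entry.split(".")
        fixed = octets.index("*")                  # number of literal leading octets
        if len(octets) != 4 or any(o != "*" for o in octets[fixed:]):
            raise ValueError(f"wildcards must be trailing octets: {entry!r}")
        base = ".".join(octets[:fixed] + ["0"] * (4 - fixed))
        return [ipaddress.ip_network(f"{base}/{8 * fixed}")]
    if "-" in entry:                               # range, full or short form
        first, last = (p.strip() for p in entry.split("-", 1))
        if "." not in last:                        # short form: 67.213.208.0-255
            last = first.rsplit(".", 1)[0] + "." + last
        lo, hi = ipaddress.ip_address(first), ipaddress.ip_address(last)
        return list(ipaddress.summarize_address_range(lo, hi))
    return [ipaddress.ip_network(entry)]           # single address becomes a /32

def span(network):
    """First and last address of a network, in the 'human' range form."""
    return f"{network[0]} - {network[-1]}"

def is_blocked(address, entries):
    """True if the address falls inside any entry of the block list."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for e in entries for net in to_networks(e))

if __name__ == "__main__":
    # Entries taken from the thread; the probe address is constructed.
    for e in ["67.213.208.1", "67.213.208.0\u2013255", "67.213.208.0/20", "67.213.*.*"]:
        for net in to_networks(e):
            print(f"{e:22} {str(net):18} {span(net):32} {net.num_addresses} addresses")
    print(is_blocked("67.213.224.1", ["67.213.208.0/20"]))   # just outside the /20
    print(is_blocked("67.213.224.1", ["67.213.*.*"]))        # inside the wildcard
```

The wildcard entry covers a /16, sixteen times as many addresses as the /20 from the original question, which is where the over-blocking described in the note above tends to come from.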

azlinda

7:57 pm on Jun 15, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Thank you both so much! Now I understand. I'm guessing there are others who do not completely understand it either. :)

QuaterPan

8:07 pm on Jun 15, 2018 (gmt 0)



I'm guessing there are others who do not completely understand it either. :)

It will be fun, if one day, we have to "speak" in IPv6 only :)

keyplyr

9:57 pm on Jun 15, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Logging either IPv4 or IPv6 is a server setting. While IPv4 settings do not log IPv6, servers set to IPv6 can also log IPv4.

QuaterPan

10:31 pm on Jun 15, 2018 (gmt 0)



I meant that the notation of IPv6 is again more complex than IPv4 with CIDR, so the day we have to talk in IPv6 notation, some people will be totally lost...

lucy24

12:38 am on Jun 16, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I have an awful time wrapping my brain around the fact that IPv6 addresses are not six pieces but eight. Why isn't it called IPv8?

But then, I also don't understand how two entirely different IP addresses can point to the same physical location (like a userspace on a server) :(

keyplyr

1:03 am on Jun 16, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



I also don't understand how two entirely different IP addresses can point to the same physical location (like a userspace on a server)
Because they're negotiated like many other things.

You can have an A record (for IPv4) and an AAAA record (for IPv6). Typically the AAAA record gets resolved first, then the A record. But you can have any number of IP addresses... they're just records (except you can only have one CNAME because of the limitation of canonical.)

QuaterPan

8:07 am on Jun 16, 2018 (gmt 0)



I have an awful time wrapping my brain around the fact that IPv6 addresses are not six pieces but eight. Why isn't it called IPv8?

I don't know if your comment was humor or not. But just in case (and I'll certainly be slapped for being off-topic), the "v" is just for the version number.

IPv4 = 4th version of the Internet protocol.

But just to add to the confusion:
- the 4th version is in fact the first one. Because the first 3 "versions" of the Internet protocol (end of the 70's) were experiments only, they were called IEN (Internet Experiment Note).
- the first 3 "experimental versions" were not called 1, 2, 3, but "2", "26", "24" and "41" (yes, 3 versions but 4 references). "54" is the final one, which became IPv4.

IPv5 was an experiment only, for streaming.

And one last anecdote to definitively confuse you. Yes, IPv6 is made of 8 groups of 16 bits, but the notation doesn't necessarily have 8 groups of hex values :)
If one group = 0000, then it can be shortened to 0 (one zero only).
If several consecutive groups are 0, they can be omitted!

For example, one IPv6 address of Google is:

2a00:1450:4007:80e:0000:0000:0000:**** (I hide the last group so as not to hurt the privacy of Google)

This is shortened to:

2a00:1450:4007:80e:0:0:0:****

and shortened one more time to:

2a00:1450:4007:80e::**** (5 groups instead of 8, and 6 intervals, because the 3 groups of zeros end up being replaced by an empty interval "::")


- - -

[edited by: keyplyr at 3:15 am (utc) on Jun 18, 2018]
[edit reason] obscured IP addresses [/edit]

lucy24

4:17 pm on Jun 16, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Yup, I knew the :: part. See it in logs all the time.

I like the :0000:0000:0000: sequence. So Googlish. When Facebook picks up images (by that name) from my personal site, which has an IPv6 address, their IP is always in the form
2a03:2880:\h+:\h+:face:\h+:\h+:\h+
Coincidence? I really don't think so. (Do Not Try This At Home. SubEthaEdit recognizes the \h shorthand, but most applications don't.)

QuaterPan

5:39 pm on Jun 16, 2018 (gmt 0)



face

neat :)

not2easy

6:39 pm on Jun 16, 2018 (gmt 0)

WebmasterWorld Administrator 10+ Year Member Top Contributors Of The Month



Just a note about using CPanel for IP blocking - and I don't know if it is still the case. Years (many years) ago when I began IP blocking I used CPanel. Not too far down the road I found out that after you have added some number of IPs/CIDRs, they lop off the first ones you added in order to add on new ones. It was around 2003 or 2004 when I quit using CPanel for that purpose and moved to a deny list in .htaccess. It is just simpler to update the .htaccess file and be certain of what is blocked if it is done on your own machine.

Back in 2010 I was moving a domain from one host to another for a friend and found they had been using CPanel for blocking. Their list was a lot longer than the one in CPanel on the old host which made me think they were still limiting it to "x" number of lines. They have updated it more than once since then, but I would want to be sure that blocked IPs stay blocked or else look into editing your .htaccess file.

CPanel has some useful features, but I would not ever rely on it for rewrites, canonicalization or IP blocking. Too easy to hurt yourself.

keyplyr

2:50 am on Jun 17, 2018 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



In addition to what not2easy said, I'll add that one of the issues most newcomers face with having a hosting company that uses cPanel, is that the admins can structure cPanel in many ways. So even if you study and learn cPanel functions, another host may have it set up differently.

I agree with not2easy to use htaccess to control server access if you use a shared host. Htaccess is robust, fast and relatively simple once you learn RegEx and how to use the various server module features. However, the only way to learn is by doing.