Building BobSmithPhotography.net has stopped expanding because I've been overwhelmed with spam on the comment forums. So, if you're here and have questions about web design come and visit Forums, Blogs, Wikis dot com. It has articles that I've written, some of which are also here, and a web design forum as well so you can ask any questions you may have. There is still a lot of good stuff here though, so poke around the links and take a look.

Home » Other Tips » .htaccess » Deny Users by IP Address

Deny users by IP address

Occassionally a site will receive visits from a bad source. This could be someone trying to hack your server or just somebody (or a robot) taking up too many of your resources.  .htaccess allows us to secure against this by allowing or denying visitors by their IP address. 

Let's look at the following code.

Order deny, allow
Deny from 123.123.123.123
Deny from 234
Allow from all

The first line tells Apache to deny first, then allow.   The second line blocks any visitor from IP address 123.123.123.123.  The third line blocks anyone with an IP starting with 234 - so 234.123.123.123 would be blocked.  The last line tells Apache to allow anyone that doesn't match the deny lines in.

The example above would be used when you want to deny a few specific addresses.  What happens if you only want to allow a few?

Order allow, deny
Allow from 123.123.123.123
Deny from all

Let's say you are on IP address 123.123.123.123 and while developing your site you don't want anyone else to be able to view it.  The code above will block everybody else with a 403 Forbidden error.  You will be able to get through.

Custom Error Pages « .htaccess » Changing the Default File

Content managed by the Etomite Content Management System.