Create new .htaccess file to deny - .htaccess

Let me start by saying I am new to creating an htaccess file. I want to deny certain IPs from access to our site. I created this and I am looking for validation that this is correct. I know that there is no advanced redirect page within this as I am not sure how to accomplish that yet. I am more concerned that this snippet would work to block IPs. Thanks in advance for any and all help.
#.htaccess
DirectoryIndex index.htm
#deny list
order allow,deny
allow from all
deny from xxx.xxx.xxx.xxx
deny from yyy.yyy.yyy.yyy

Looks good to me, assuming you're on Apache 2.2. To block individual visitors, you can use the following directives:
Order Allow,Deny
Allow from all
Deny from 123.123.123.123
Instead of blocking visitors, you can redirect them to another location. Here's how to do it using Apache's mod_rewrite:
#<IfModule mod_rewrite.c>
# mod_rewrite ignores the rules below unless the engine is switched on
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^123\.123\.123\.123$
RewriteRule .* https://www.google.com [R=301,L]
#</IfModule>
See also: https://htaccessbook.com/block-ip-address/
Alternatively, try this to block a range of IPs (here 10.0.8.0-10.0.8.21):
RewriteEngine On
# Last octet 0-21 only; the trailing $ stops longer octets such as 100 from matching
RewriteCond %{REMOTE_ADDR} ^10\.0\.8\.(2[01]|1[0-9]|[0-9])$
#or RewriteCond %{HTTP_HOST} 12\.34\.56\.789
RewriteRule .* https://www.google.com [L,R=301]
If you are on Apache 2.4 this link from the htaccess book shows the differences between 2.2 and 2.4: https://htaccessbook.com/access-control-apache-2-4/
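The same deny list written for both versions, as an added example that is not part of the original answers. The addresses are constructed documentation ranges (RFC 5737), and it assumes AllowOverride permits AuthConfig and Limit.

```apache
# Added example; replace the constructed addresses with the clients to block.
DirectoryIndex index.htm

# Apache 2.4: mod_authz_core replaces Order/Allow/Deny with Require.
<IfModule mod_authz_core.c>
    <RequireAll>
        Require all granted
        Require not ip 192.0.2.10
        # A CIDR block covers a whole range without a REMOTE_ADDR regex.
        Require not ip 198.51.100.0/24
    </RequireAll>
</IfModule>

# Apache 2.2: the same list in the old syntax.
<IfModule !mod_authz_core.c>
    Order Allow,Deny
    Allow from all
    Deny from 192.0.2.10
    Deny from 198.51.100.0/24
</IfModule>
```

To confirm the rule, request a page from a listed address and look for status 403 in the access log; denied requests are still logged.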

Related

IP restriction for a certain domain if multiple domains point to same webroot (.htaccess)

Normally I create IP restrictions by adding the following snippet in .htaccess:
<Limit GET POST>
order deny,allow
deny from all
allow from 23.98.431.9
allow from 123.456.78.9
allow from 9.876.54.32
allow from 555.333.2.33
</Limit>
The above snippet works perfectly if only one domain is pointing to the webroot. But how can I add an IP restriction for only one domain if multiple domains point to the same webroot? For example:
www.example.com
wwww.examplewebsite.com
wwww.exampleawesome.com
All above domains are pointing to the same webroot. But now I need to restrict access for only www.example.com (certain IPs are allowed to see the site). How can I achieve this?
Thank you so much!
You can use mod_rewrite rules for this in root .htaccess like this:
RewriteEngine On
RewriteBase /
RewriteCond %{REQUEST_METHOD} ^(GET|POST)$ [NC]
RewriteCond %{HTTP_HOST} ^(?:www\.)?example\.com$ [NC]
RewriteCond %{REMOTE_ADDR} !^(23\.98\.431\.9|123\.456\.78\.9|9\.876\.54\.32|555\.333\.2\.33)$
RewriteRule ^ - [F]
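A per-host restriction without mod_rewrite, as an added example that is not from the original answer. It assumes Apache 2.4 (for `<If>` and `Require`), and the addresses are constructed documentation ranges (RFC 5737).

```apache
# Added example; Apache 2.4 only. Addresses are constructed.
# The restriction applies to every request method, not only GET and POST.
<If "%{HTTP_HOST} =~ /^(www\.)?example\.com(:[0-9]+)?$/i">
    Require ip 192.0.2.10 198.51.100.0/24
</If>
# Requests for the other host names fall through to the existing rules.
```

Host is a client-supplied header and the other names serve the same files, so this protects www.example.com only where the application serves different content per host name.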

htaccess allow from subdomain

I have restrict rules in htaccess
order deny,allow
deny from all
allow from 111.111.222.222
How could I make something like this?
order deny,allow
deny from all
allow from sub.domain.tld
My IP is changing frequently and I have a DNS A record for this IP as sub.domain.tld. This would save me much time when my IP changes because I don't need to change all htaccess files with the new IP.
I tried it but unfortunately it is not working. Any workaround for this? Many thanks.
Try this rewrite rule in your DOCUMENT_ROOT/.htaccess file:
RewriteEngine On
RewriteCond %{REMOTE_HOST} !^sub\.domain\.tld$ [NC]
RewriteCond %{REMOTE_ADDR} !^(11\.22\.33\.44|66\.77\.88\.99)
RewriteRule ^ - [F]
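A forward-lookup alternative, as an added example that is not from the original posts. `Allow from <hostname>` and `%{REMOTE_HOST}` both depend on a reverse DNS lookup of the client address, which for a dynamic address normally returns the ISP's name rather than sub.domain.tld. It assumes Apache 2.4.19 or later.

```apache
# Added example; sub.domain.tld is the dynamic-DNS name from the question.
# Requires Apache 2.4.19 or later. Place in the directory to protect.

# Reverse-lookup form, shown for contrast: it matches only when the PTR
# record of the client address resolves back to the name, so it fails
# for a dynamic address whose PTR belongs to the ISP.
# Require host sub.domain.tld

# Forward-lookup form: Apache resolves the name and allows whatever
# addresses its A/AAAA records currently return.
Require forward-dns sub.domain.tld
```

Access then follows the DNS record, so whoever can change that record can change who is allowed in; protect the dynamic-DNS account accordingly.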

Why isn't this htaccess code blocking a specified IP?

I have a large htaccess file for my site. One of the IPs I'm trying to block is 27.153.228.56
Despite my htaccess, I still see 27.153.228.56 showing up in my latest visitor logs.
Is there something wrong with my htaccess that's allowing this IP to access the site?
There are many more IPs blocked but this is an abbreviated version:
# Protect from spam bots
<IfModule mod_rewrite.c>
RewriteEngine On
RewriteCond %{REQUEST_METHOD} POST
RewriteCond %{REQUEST_URI} .wp-comments-post\.php*
RewriteCond %{HTTP_REFERER} !.garagehangover.com* [OR]
RewriteCond %{HTTP_USER_AGENT} ^$
RewriteRule (.*) ^http://%{REMOTE_ADDR}/$ [R=301,L]
</IfModule>
# Begin IP blocking #
Order Allow,Deny
deny from 27.153.228.56
# End IP blocking #
#Begin Bad Bot Blocking
BrowserMatchNoCase yandex bad_bot
Deny from env=bad_bot
# End Bad Bot Blocking
Allow from all
Order Deny,Allow
And remove Allow from all
This will process all the deny rules, and if none match, allow the request.
Also, generally you would put these rules before the RewriteEngine on directive.
Looks ok to me. But you could try to block a range of IPs like this...
deny from 27.153.228.0/255.255.255.0
or this
deny from 27.153.0.0/255.255.0.0

Restrict / Block Directory Based on IP Address

Trying to block directory access from everyone except 1 IP address. This .htaccess code blocks access but it blocks access to everything including images, css, etc. What do I need to change?
RewriteCond %{REMOTE_ADDR} !^XX\.XXX\.XX\.XXX$
RewriteRule ^hidedirectory(.*)$ http://site.com/ [R,L]
Anyone accessing mysite.com/hidedirectory except me should redirect to mysite.com. Is there a better, more secure way to do this including something like an http response code?
Better way is to do this in your .conf file:
<Directory /hidedirectory>
options -Indexes
Order Deny,Allow
Deny from all
Allow from XX.XXX.XX.XXX
</Directory>
This will deny everything like your rewrite rules.
But since you want to allow access to images/css etc...
RewriteCond %{REMOTE_ADDR} !^XX\.XXX\.XX\.XXX$
RewriteCond %{REQUEST_URI} !\.(?:jpe?g|png|gif|css)$ [NC]
RewriteRule ^hidedirectory(.*)$ http://site.com/ [R,L]
Add any other extensions into (?:jpe?g|png|gif|css) suffixed by a |(or).

Use .htaccess to block all domains to access images folder except myown domain

I want to use .htaccess to block all domains from accessing my images folder.
This folder should be accessible by my own domain only.
I think what you are looking for is some sort of hotlink protection in which case this in your .htaccess file should work:
RewriteEngine on
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^http(s)?://(www\.)?yourdomain\.com [NC]
RewriteRule \.(jpg|jpeg|png|gif)$ - [NC,F,L]
Change yourdomain.com to whatever your domain is. Change the RewriteRule to include any file extensions you wish to block and then place the entire thing in a .htaccess file in the directory you wish to protect.
As described in this page of Apache docs, you can accomplish it with the following directives, replacing example\.com with your domain name (please remember to escape any dot characters from . to \.):
SetEnvIf Referer example\.com localreferer
<FilesMatch \.(jpe?g|png|gif)$>
Order deny,allow
Deny from all
Allow from env=localreferer
</FilesMatch>
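The Referer check with the pattern anchored to the scheme and host, as an added example that is not from the original answers. An unanchored `example\.com` also matches a Referer that merely contains that string somewhere in its URL. example.com stands for your own domain.

```apache
# Added example; example.com is a placeholder for your own domain.
# Anchor the scheme and host so only a Referer on that host sets the variable.
SetEnvIfNoCase Referer "^https?://(www\.)?example\.com(/|$)" localreferer

<FilesMatch "\.(jpe?g|png|gif)$">
    # Apache 2.4
    <IfModule mod_authz_core.c>
        Require env localreferer
    </IfModule>
    # Apache 2.2
    <IfModule !mod_authz_core.c>
        Order deny,allow
        Deny from all
        Allow from env=localreferer
    </IfModule>
</FilesMatch>
```

The Referer header is supplied by the client, so this limits casual hotlinking and is not an access control.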
