Friday, September 21, 2007

Use .htaccess to Deny Internet Protocol (IP) Address or Domain Name

You can use the .htaccess file to deny sites that are wreaking havoc on your site. I have a dozen or so IPs from a couple countries that are doing just that to one of my sites. You can block specific IPs/IP blocks or deny by domain names.

The first two lines (deny statements) are indicative of what I did. By the way, I don't control the main configuration of the host (server), so I had to use this file.

# vi .htaccess
order allow,deny
allow from all

deny from xxx.xxx.xx.xxx
deny from xxx.xxx.xxx.xxx
deny from xx.xxx.xx.
deny from xxx.xx.
deny from xx.
:wq!

Here's a screenshot (so tags shows up on this Blogger post) with the tags:









Extra:
If you are trying to block IPs on the Blogger.com platform, see this post: How to block IPs on Blogger.com

15 comments:

esofthub said...

< Files 403.shtml>
order allow,deny
allow from all
< Files>

I had the aforementioned preceding the deny statements in my post but Blogger didn't like the tag, <>. Even in this comment, I had to put a space in the tags to get the comment post to go. Obviously omit the space in the .htaccess file.

Dick said...

I'd rather they didn't get as far as apache. Why not just firewall them off?

esofthub said...

dick,

I prefer that method, too. But I'm using a shared webhost, and I don't control the webhost's configuration.

Donald Dunlop said...

I use "Blogger" as well but your description of how to implement this is unclear to me. Do I just paste your deny text into my template? If so, is there a specific place in the template where I should put it. Thanks in advance for helping me overcome my own ignorance.

esofthub said...

donald dunlop,

Yes to your question. Since my description was poorly written, I've included a screenshot with the tags. The contents of the screenshot was at the beginning of the file.

I apologize for being unclear and thanks for commenting. Roy

Donald Dunlop said...

Thank you very much. I write a college hockey blog and I have a tendency to attract certain types of trolls because of my outspoken nature. Usually, just informing a person that they are entirely unwelcome is enough to keep them away.

I prefer to interact with everybody (including anonymous folks) as long as they are reasonable but in almost 2 years this one cat has become only the second person I have had to delete comments. Coincindentally, both of the bad trolls I've had hail from St. Cloud, Minnesota. What a craphole that place must be with the vermin it spawns.

In any case, I'm was delighted to find a method and your post regarding this was quite timely. Thanks again. I'm fairly sure it is working as I've deleted 2 comments from him this morning and haven't found another. Of course, I understand that he can get a proxy and come back but if he is that determined to comment then I'll just have to turn on moderation.

esofthub said...

donald dunlop,

I had the same issue about a year ago, so I feel your pain. Hopefully your pesky visitor gets frustrated and goes away.

Roy

Donald Dunlop said...

Roy,
Sorry to report that I'm still sure my implentation of your solution is a failure. I pasted the text as you supplied into my blogger template. Please note I'm completely HTML ignorant but I've removed the < and > tags so it will publish here .... I'm copying exactly what I did here (and I've included the surrounding HTML where I put it right after the initial stuff that sets up the blog):

?xml version="1.0" encoding="UTF-8" ?
!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"
html xmlns='http://www.w3.org/1999/xhtml' xmlns:b='http://www.google.com/2005/gml/b' xmlns:data='http://www.google.com/2005/gml/data' xmlns:expr='http://www.google.com/2005/gml/expr'
head
b:include data='blog' name='all-head-content'/
title data:blog.pageTitle//title>
b:skin ![CDATA[/*

< Files 403.shtml >
order allow,deny
allow from all
< /Files >
deny from 68.187.152.xxx
--------------------------------------
Blogger Template Style
Name: Minima Stretch
Designer: Douglas Bowman / Darren Delaye
URL: www.stopdesign.com
Date: 26 Feb 2004
------------------------------------- */

/* Variable definitions

Donald Dunlop said...

Should I have placed it somewhere else within the template?

< Files 403.shtml >
order allow,deny
allow from all
< /Files >
deny from 68.187.152.xxx

I included spaces after and before the tags only for posting here. What is my HTML feebleness missing?

esofthub said...

No problem Donald. I really don't mind the questions.

I'm not sure how this implementation will work with the Blogger Template. This post is about placing an .htaccess file in a directory that you want to deny to an IP, IPs or IP blocks.

In my case, I put the .htaccess file in my document root directory

i.e.
/roysite/.htaccess

Donald Dunlop said...

Roy,
That must be my disconnect. Blogger hosts everything for me. I don't have any local (or otherwise hosted) files except at blogger's servers. So until they decide to support IP blocking, I guess I'm just out of luck.

Thanks again for all your time on this. I'll try emailing them.

esofthub said...

Donald,

You're welcome.

Maybe you can send Blogger a suggestion...

Roy

esofthub said...

Donald,

Here's your answer regarding blocking IPs on Blogger.com. Rose, the BloggerTalk.net Site Admin, was kind of enough to provide it. Here's her response.

http://www.bloggertalk.net/ftopicp-2167.html

Roy

Donald Dunlop said...

Roy,
I signed up. And it appears that it will work. Thanks so much. This is really helpful. I have a couple of bookmarks from other forums so I'll go update those conversations with this info as well. I'm glad I ran across your blog. Happy Unixing!
D

esofthub said...

No problem Donald and I hope it works out for you. Good luck.