.htaccess file is a configuration file for the Apache web server, that can be used to restrict access to a web-site from a specific IP or a range of IP addresses.
In this note i will show how to deny access from one or several IP addresses via
.htaccess file and how to block access from a range of IP addresses or from entire subnets.
Cool Tip: Redirect a website to a maintenance page via
.htaccess! Read more →
Deny Access by IP
To deny access from a specific IP address, add this line to
Deny from <ip-address>
Block access for several IP addresses:
Deny from <ip-address> <another-ip-address> - or - Deny from <ip-address> Deny from <another-ip-address>
Restrict access from a subnet:
Deny from <ip-address>/<subnet> - e.g. - Deny from 220.127.116.11/16
To block a specific IP range you would have to represent it as a set of subnets, that can be easily done using IP Range to CIDR calculator.
For example, to block the IP range from 18.104.22.168 to 22.214.171.124, you should deny access from these subnets:
Deny from 126.96.36.199/30 Deny from 188.8.131.52/29 Deny from 184.108.40.206/28 Deny from 220.127.116.11/25 Deny from 18.104.22.168/26 Deny from 22.214.171.124/27 Deny from 126.96.36.199/30 Deny from 188.8.131.52/32
IP ranges in
.htaccess can also be blocked using a wildcard, e.g.:
Deny from 184.108.40.206* Deny from 192.16.*.* Deny from 192.16
IPv6 addresses can be blocked via
.htaccess similar to IPv4:
Deny from fe80::1ff:fe23:4567:890a Deny from fe80::1ff:fe23:4567:890a/10 Deny from fe80::1ff:fe23:*:* Deny from fe80::1ff:fe23