.htaccess – Deny IP & Block IP Range

The .htaccess file is a configuration file for the Apache web server, that can be used to restrict access to a web-site from a specific IP or a range of IP addresses.

In this note i will show how to deny access from one or several IP addresses via .htaccess file and how to block access from a range of IP addresses or from entire subnets.

Cool Tip: Redirect a website to a maintenance page via .htaccess! Read more →

Deny Access by IP

To deny access from a specific IP address, add this line to .htaccess file:

Deny from <ip-address>

Block access for several IP addresses:

Deny from <ip-address> <another-ip-address>
- or -
Deny from <ip-address>
Deny from <another-ip-address>

Restrict access from a subnet:

Deny from <ip-address>/<subnet>
- e.g. -
Deny from 192.16.0.1/16

To block a specific IP range you would have to represent it as a set of subnets, that can be easily done using IP Range to CIDR calculator.

For example, to block the IP range from 192.16.0.100 to 192.16.1.100, you should deny access from these subnets:

Deny from 192.16.0.100/30
Deny from 192.16.0.104/29
Deny from 192.16.0.112/28
Deny from 192.16.0.128/25
Deny from 192.16.1.0/26
Deny from 192.16.1.64/27
Deny from 192.16.1.96/30
Deny from 192.16.1.100/32

IP ranges in .htaccess can also be blocked using a wildcard, e.g.:

Deny from 192.16.0.1*
Deny from 192.16.*.*
Deny from 192.16

IPv6 addresses can be blocked via .htaccess similar to IPv4:

Deny from fe80::1ff:fe23:4567:890a
Deny from fe80::1ff:fe23:4567:890a/10
Deny from fe80::1ff:fe23:*:*
Deny from fe80::1ff:fe23

One Reply to “.htaccess – Deny IP & Block IP Range”

  1. how i can block host? same way as IP?

Leave a Reply