Blocking IPs with htaccess is done by entering the IPs that you want to block individually. It is not recommended that you block long lists of IPs this way – if you need to block a lot of IPs, then you may want to consider using a Firewall and importing a blocklist.
Blocking IPs With Htaccess
To block IPs from accessing your website, you should type them into the .htaccess file individually, this can be done like below:
<Limit GET POST> order deny,allow deny from 10.0.0.2 deny from 10.0.0.4 allow from all </Limit>
The above would allow everyone to access the site, except for those IP that you list using the deny rule. If you would rather like to block everyone, and only allow a select few IPs to access your site, you can use the below code.
<Limit GET POST> order deny,allow deny from all # Just Allow a Single IP allow from 10.0.0.2 </Limit>
This is useful if you have Admin sections on your site, which potentially could be vulnerable to attacks – simply denying access from unknown IPs can sometimes be easier than to update the whole admin module. You should ofcause replace 10.0.0.2 with a real WAN IP.