By using this site you agree to the use of cookies by Brugbart and our partners.

Learn more

Blocking IPs with Htaccess

How to block IPs with Htaccess files, and avoid unauthorized access to parts of your website.

Edited: 2015-12-04 12:28

Blocking IPs with htaccess is done by entering the IPs that you want to block individually. It is not recommended that you block long lists of IPs this way – if you need to block a lot of IPs, then you may want to consider using a Firewall and importing a blocklist.

Blocking IPs With Htaccess

To block IPs from accessing your website, you should type them into the .htaccess file individually, this can be done like below:

<Limit GET POST>
order deny,allow
deny from 10.0.0.2
deny from 10.0.0.4
allow from all
</Limit>

The above would allow everyone to access the site, except for those IP that you list using the deny rule. If you would rather like to block everyone, and only allow a select few IPs to access your site, you can use the below code.

<Limit GET POST>
order deny,allow
deny from all

# Just Allow a Single IP
allow from 10.0.0.2
</Limit>

This is useful if you have Admin sections on your site, which potentially could be vulnerable to attacks – simply denying access from unknown IPs can sometimes be easier than to update the whole admin module. You should ofcause replace 10.0.0.2 with a real WAN IP.

Last: Redirecting www to non and non to www