Ratings, reviews, plans and features to help you find the right web hosting provider for your site.

How to block users from accessing your site based on their IP address

Web Hosting Articles » A simple guide to .htaccess » How to block users from accessing your site based on their IP address


Blocking users by IP address is pretty simple with .htaccess.
So here it is the example:

Order allow, deny
Deny from 192.168.0.10
Deny from 212.155.
Deny from 1.2.3.4  5.6.7.8 127.0.0.1
Allow from all

Let’s take a look at the code line by line:
The first line “Order allow, deny” tells the web server the “Order”  in which the Allow and Deny directive will be evaluated. It simply says: Give access to all hosts that are not present in the Deny from list and are present in the Allow from list.  With allow, deny order Allow list is looked up first and then the web server checks the deny from list. So as we have allow from all – all access is allowed. Then the allowed access is filtered based on the Deny lists. With allow,deny access is disabled by default.

If we change the order to “deny, allow” then all access is enabled by default and only users in the deny lists are blocked. However as the deny is being processed first allow directives will override any maching settings set in deny directives.

The default Apache order is deny,allow. So you can skip the first line in your .htaccess file if you do not need to change the order in which the Deny and Allow rules are being evaluated by the web server.

So to keep the .htaccess simple you can just use:

Deny from 192.168.0.10
Deny from 212.155.

Basically you can use such rules in your .htaccess file to block a particular user, or a network from accessing your site.
You can put several IP address in a Deny or Allow rule. For example:

Deny from 1.2.3.4   5.6.7.9

The IP addresses must be separated by a space or tab.

You can put entire networks as

Deny from 212.155.

This will block all users which IP addresses start with 212.155

Or to block all access to your site:

Deny from all

And then add another line to enable access only for yourself:

Allow from 1.2.3.4

Where “1.2.3.4” should be replaced with your computer IP address.


  1. How to block users from accessing your site based on their IP address
  2. How to prevent or allow directory listing?
  3. How to change the error documents – 404 Page Not Found, etc
  4. Using .htaccess for password protecting your folders
  5. Using .htaccess to block referrer spam
  6. Disable Hot-Linking of images and other files
  7. Redirect URLs using .htaccess
  8. Introduction to mod_rewrite and some basic examples
  9. Force SSL/https using .htaccess and mod_rewrite
  10. 301 Permanent redirects for parked domain names
  11. Enable CGI, SSI with .htaccess
  12. How to add Mime-Types using .htaccess
  13. Change default directory page
  14. Block Bad robots, spiders, crawlers and harvesters
  15. Make PHP to work in your HTML files with .htacess
  16. Change PHP variables using .htaccess
  17. HTTP Authentication with PHP running as CGI/SuExec
  18. Force www vs non-www to avoid duplicate content on Google
  19. Duplicate content fix index.html vs / (slash only)

Comments 23 >>

Mark Said,
Mar 04, 2007 @ 21:47

Our union website is being accessed by unauthorized people, even though I've placed a disclaimer on our opening page. I've added stat counter invisible counter programs on our website and I know the IP addresses of the computers gaining unauthorized access and I want to block those specific IP's. I tried using directions from another link to create the following test to deny my IP to see if it works and it doesn't. I substitued the 'x's below with my IP address.

order deny,allow
deny from xxx.xxx.xxx.xx
allow from all

I opened "notepad" and typed those lines above and saved it as .htaccess. The computer maded it a .txt file. I added it to my web page, uploaded it to my FTP then renamed it by taking out the .txt extension, which the other website said to do. Still no effect. What do I need to do here? I appreciate your help.
vince Said,
Mar 06, 2007 @ 09:44

Please, make sure that the file is named:

.htaccess

with a dot (.) at the begining
Lodovikus Sintus Said,
Mar 16, 2007 @ 02:33

Hello everybody'
how many .htaccess files can I have in one folder?.

I already have one working for reading PHP script on html pages.
Thanks for your time

Regards
Lodovikus sintus
vince Said,
Mar 16, 2007 @ 16:33

You can have a single .htaccess file per folder.

However, you can add as many statements in it as you wish.

If you already have a statement that makes HTML pages to work as PHP, then just add new lines for the other options that you need.
J Said,
Apr 14, 2007 @ 20:57

Notepad's a pain; whatever you save will have a .txt extension unless you enter the file name to save as "file.name" (*include* the quotes).

For .htaccess, type ".htaccess"

Remember to select 'All Files' from the 'Save as type' drop-down.
shahid Said,
Nov 04, 2007 @ 10:37

my network is local area connection so other
user conncted to my pc ip and my presnal
file use so u pls help me i block other ip
sam Said,
Feb 08, 2008 @ 04:11

thats a great post... I have a name of a network which i need to block from accessing my website, how can i do that.
vince Said,
Feb 08, 2008 @ 07:28

If you want to block a user by hostname you can use:

Deny from example.com

where you can replace the example.com
sam Said,
Feb 08, 2008 @ 09:34

its working great... thanks vince :-)
Bai Said,
Feb 27, 2008 @ 14:10

I would like to block IP address; but what if it's different every time. how can i block it? or check what network it's coming from?
nanciesweb Said,
Mar 18, 2008 @ 08:27

IP addresses aren't an exact science, thanks to proxy servers and dial-up connections (yes, some still use dial-up).

The problem is that if you block a group of IP addresses trying to stop one person from accessing your site (as in a malicious poster), you may start blocking those you don't want to block. What's more, IP addresses are often recycled, so you might end up blocking someone unintentionally.
SoftGil Said,
Mar 29, 2008 @ 05:21

I understood everything posted above and it works. Thank you all. One question, though:

I would like to display a page to those banned IP's explaining them WHY their IP is banned.

Is that possible? How?

Thanks for your valuable help.
Web 2.0 Blog Usability Blog Said,
Apr 07, 2008 @ 07:50

How do you create the .htaccess file? It won;t let me edit it in dreamweaver.
vikas Said,
Aug 07, 2008 @ 06:33

Can any 1 know how to block IP ADDRESS in godaddy hosted site.
I dont know to access .htaccess page

MY SITE
Jason Rasp Said,
Sep 03, 2008 @ 22:55

How would I go about entering the information I have seen on here for blocking people from viewing my myspace page? It is set to private but people are still able to view the beginning portion of it and further investigation reveals that with mozila firefox people can actually get past the beginning of your page and view everything.I have since used a tracking site to retreive a list of ip addresses that have been viewing the page and now I want to block them. I understand the programming written here and how it should be done, just need to know where on myspace I need to place it. Is it in the profile where it says headline? Thanks.
Raj Said,
Nov 03, 2008 @ 01:40

i want the following question's answers

How can you block certain IP Addresses from accessing your site?
GMC Said,
Dec 19, 2008 @ 12:29

To answer the question about an .htaccess file on a Godaddy hosted account:

All you have to do is to add the file into the root of each directory that you have a website posted to. Each folder can have a unique .htaccess file.
MBM Said,
Jan 02, 2009 @ 04:29

Raj,

To block a certain IP address from accessing your site, create or modify a .htaccess file for your site.

In the file include the following (this is from the example listed above on this page with a bit of explanation):

Order allow, deny
Deny from 192.168.0.10 (this being a sample IP address, replace with the specific address you want to block - you can add as many of these deny statements as you need)
Allow from all
uh i did that Said,
Feb 12, 2009 @ 16:45

and... im like locked out cause i banned my ip
i get error 500. i cant go to my own site i deleted htaccess file too.wat do i do?
vince Said,
Feb 12, 2009 @ 17:03

FTP to your website and delete the .htaccess file. Or use your web hosting account Control panel to delete the file.
laura Said,
Feb 13, 2009 @ 11:02

no i did delete the file n i was still banned i had to go to my computer nnnn change my ip
Munir Said,
Mar 26, 2009 @ 13:42

Hi all,
I have a situation in our network, where I want to give access to a particular internet site to some of the pcs(around 20).We are using a firewall where there is no web filter facility.Can anyone give some idea ?How can I block all site and give access to only one particular site to those pcs?
Thanks
Munir
marc Said,
May 02, 2009 @ 01:37

My server has a firewall. So blocking ips are pretty much easy. Even option is there in cpanel.
Your comments on this article

(required)

(required but never displayed)



security code


Previous: Duplicate content fix index.html vs / (slash only) Next: How to prevent or allow directory listing?

Back to Web Hosting Articles list