web hosting reviews


How to block users from accessing your site based on their IP address

Web Hosting Articles \ A simple guide to .htaccess \ How to block users from accessing your site based on their IP address

Blocking users by IP address is pretty simple with .htaccess.
So here it is the example:

Order allow, deny
Deny from 192.168.0.10
Deny from 212.155.
Deny from 1.2.3.4  5.6.7.8 127.0.0.1
Allow from all

Let’s take a look at the code line by line:
The first line “Order allow, deny” tells the web server the “Order”  in which the Allow and Deny directive will be evaluated. It simply says: Give access to all hosts that are not present in the Deny from list and are present in the Allow from list.  With allow, deny order Allow list is looked up first and then the web server checks the deny from list. So as we have allow from all – all access is allowed. Then the allowed access is filtered based on the Deny lists. With allow,deny access is disabled by default.

If we change the order to “deny, allow” then all access is enabled by default and only users in the deny lists are blocked. However as the deny is being processed first allow directives will override any maching settings set in deny directives.

The default Apache order is deny,allow. So you can skip the first line in your .htaccess file if you do not need to change the order in which the Deny and Allow rules are being evaluated by the web server.

So to keep the .htaccess simple you can just use:

Deny from 192.168.0.10
Deny from 212.155.

Basically you can use such rules in your .htaccess file to block a particular user, or a network from accessing your site.
You can put several IP address in a Deny or Allow rule. For example:

Deny from 1.2.3.4   5.6.7.9

The IP addresses must be separated by a space or tab.

You can put entire networks as

Deny from 212.155.

This will block all users which IP addresses start with 212.155

Or to block all access to your site:

Deny from all

And then add another line to enable access only for yourself:

Allow from 1.2.3.4

Where “1.2.3.4” should be replaced with your computer IP address.


  1. How to block users from accessing your site based on their IP address
  2. How to prevent or allow directory listing?
  3. How to change the error documents – 404 Page Not Found, etc
  4. Using .htaccess for password protecting your folders
  5. Using .htaccess to block referrer spam
  6. Disable Hot-Linking of images and other files
  7. Redirect URLs using .htaccess
  8. Introduction to mod_rewrite and some basic examples
  9. Force SSL/https using .htaccess and mod_rewrite
  10. 301 Permanent redirects for parked domain names
  11. Enable CGI, SSI with .htaccess
  12. How to add Mime-Types using .htaccess
  13. Change default directory page
  14. Block Bad robots, spiders, crawlers and harvesters
  15. Make PHP to work in your HTML files with .htacess
  16. Change PHP variables using .htaccess
  17. HTTP Authentication with PHP running as CGI/SuExec
  18. Force www vs non-www to avoid duplicate content on Google
  19. Duplicate content fix index.html vs / (slash only)

Comments 13 >>

Mark Said,
Mar 04, 2007 @ 21:47

Our union website is being accessed by unauthorized people, even though I've placed a disclaimer on our opening page. I've added stat counter invisible counter programs on our website and I know the IP addresses of the computers gaining unauthorized access and I want to block those specific IP's. I tried using directions from another link to create the following test to deny my IP to see if it works and it doesn't. I substitued the 'x's below with my IP address.

order deny,allow
deny from xxx.xxx.xxx.xx
allow from all

I opened "notepad" and typed those lines above and saved it as .htaccess. The computer maded it a .txt file. I added it to my web page, uploaded it to my FTP then renamed it by taking out the .txt extension, which the other website said to do. Still no effect. What do I need to do here? I appreciate your help.
vince Said,
Mar 06, 2007 @ 09:44

Please, make sure that the file is named:

.htaccess

with a dot (.) at the begining
Lodovikus Sintus Said,
Mar 16, 2007 @ 02:33

Hello everybody'
how many .htaccess files can I have in one folder?.

I already have one working for reading PHP script on html pages.
Thanks for your time

Regards
Lodovikus sintus
vince Said,
Mar 16, 2007 @ 16:33

You can have a single .htaccess file per folder.

However, you can add as many statements in it as you wish.

If you already have a statement that makes HTML pages to work as PHP, then just add new lines for the other options that you need.
J Said,
Apr 14, 2007 @ 20:57

Notepad's a pain; whatever you save will have a .txt extension unless you enter the file name to save as "file.name" (*include* the quotes).

For .htaccess, type ".htaccess"

Remember to select 'All Files' from the 'Save as type' drop-down.
shahid Said,
Nov 04, 2007 @ 10:37

my network is local area connection so other
user conncted to my pc ip and my presnal
file use so u pls help me i block other ip
sam Said,
Feb 08, 2008 @ 04:11

thats a great post... I have a name of a network which i need to block from accessing my website, how can i do that.
vince Said,
Feb 08, 2008 @ 07:28

If you want to block a user by hostname you can use:

Deny from example.com

where you can replace the example.com
sam Said,
Feb 08, 2008 @ 09:34

its working great... thanks vince :-)
Bai Said,
Feb 27, 2008 @ 14:10

I would like to block IP address; but what if it's different every time. how can i block it? or check what network it's coming from?
nanciesweb Said,
Mar 18, 2008 @ 08:27

IP addresses aren't an exact science, thanks to proxy servers and dial-up connections (yes, some still use dial-up).

The problem is that if you block a group of IP addresses trying to stop one person from accessing your site (as in a malicious poster), you may start blocking those you don't want to block. What's more, IP addresses are often recycled, so you might end up blocking someone unintentionally.
SoftGil Said,
Mar 29, 2008 @ 05:21

I understood everything posted above and it works. Thank you all. One question, though:

I would like to display a page to those banned IP's explaining them WHY their IP is banned.

Is that possible? How?

Thanks for your valuable help.
Web 2.0 Blog Usability Blog Said,
Apr 07, 2008 @ 07:50

How do you create the .htaccess file? It won;t let me edit it in dreamweaver.
Your comments on this article

(required)

(required but never displayed)



security code


Previous: Duplicate content fix index.html vs / (slash only) Next: How to prevent or allow directory listing?

Back to Web Hosting Articles list

Web hosting companies A-Z:
All web hosting companies

About - Terms of Use - Privacy Policy -
Web Hosting Reviews