Ratings, reviews, plans and features to help you find the right web hosting provider for your site.

How to block users from accessing your site based on their IP address

Web Hosting Articles » A simple guide to .htaccess » How to block users from accessing your site based on their IP address



Blocking users by IP address is pretty simple with .htaccess.
So here it is the example:

Order allow, deny
Deny from 192.168.0.10
Deny from 212.155.
Deny from 1.2.3.4  5.6.7.8 127.0.0.1
Allow from all

Let’s take a look at the code line by line:
The first line “Order allow, deny” tells the web server the “Order”  in which the Allow and Deny directive will be evaluated. It simply says: Give access to all hosts that are not present in the Deny from list and are present in the Allow from list.  With allow, deny order Allow list is looked up first and then the web server checks the deny from list. So as we have allow from all – all access is allowed. Then the allowed access is filtered based on the Deny lists. With allow,deny access is disabled by default.

If we change the order to “deny, allow” then all access is enabled by default and only users in the deny lists are blocked. However as the deny is being processed first allow directives will override any maching settings set in deny directives.

The default Apache order is deny,allow. So you can skip the first line in your .htaccess file if you do not need to change the order in which the Deny and Allow rules are being evaluated by the web server.

So to keep the .htaccess simple you can just use:

Deny from 192.168.0.10
Deny from 212.155.

Basically you can use such rules in your .htaccess file to block a particular user, or a network from accessing your site.
You can put several IP address in a Deny or Allow rule. For example:

Deny from 1.2.3.4   5.6.7.9

The IP addresses must be separated by a space or tab.

You can put entire networks as

Deny from 212.155.

This will block all users which IP addresses start with 212.155

Or to block all access to your site:

Deny from all

And then add another line to enable access only for yourself:

Allow from 1.2.3.4

Where “1.2.3.4” should be replaced with your computer IP address.


  1. How to block users from accessing your site based on their IP address
  2. How to prevent or allow directory listing?
  3. How to change the error documents – 404 Page Not Found, etc
  4. Using .htaccess for password protecting your folders
  5. Using .htaccess to block referrer spam
  6. Disable Hot-Linking of images and other files
  7. Redirect URLs using .htaccess
  8. Introduction to mod_rewrite and some basic examples
  9. Force SSL/https using .htaccess and mod_rewrite
  10. 301 Permanent redirects for parked domain names
  11. Enable CGI, SSI with .htaccess
  12. How to add Mime-Types using .htaccess
  13. Change default directory page
  14. Block Bad robots, spiders, crawlers and harvesters
  15. Make PHP to work in your HTML files with .htacess
  16. Change PHP variables using .htaccess
  17. HTTP Authentication with PHP running as CGI/SuExec
  18. Force www vs non-www to avoid duplicate content on Google
  19. Duplicate content fix index.html vs / (slash only)

Comments 54 >>

Mark Said,
Mar 04, 2007 @ 21:47

Our union website is being accessed by unauthorized people, even though I've placed a disclaimer on our opening page. I've added stat counter invisible counter programs on our website and I know the IP addresses of the computers gaining unauthorized access and I want to block those specific IP's. I tried using directions from another link to create the following test to deny my IP to see if it works and it doesn't. I substitued the 'x's below with my IP address.

order deny,allow
deny from xxx.xxx.xxx.xx
allow from all

I opened "notepad" and typed those lines above and saved it as .htaccess. The computer maded it a .txt file. I added it to my web page, uploaded it to my FTP then renamed it by taking out the .txt extension, which the other website said to do. Still no effect. What do I need to do here? I appreciate your help.
vince Said,
Mar 06, 2007 @ 09:44

Please, make sure that the file is named:

.htaccess

with a dot (.) at the begining
Lodovikus Sintus Said,
Mar 16, 2007 @ 03:33

Hello everybody'
how many .htaccess files can I have in one folder?.

I already have one working for reading PHP script on html pages.
Thanks for your time

Regards
Lodovikus sintus
vince Said,
Mar 16, 2007 @ 17:33

You can have a single .htaccess file per folder.

However, you can add as many statements in it as you wish.

If you already have a statement that makes HTML pages to work as PHP, then just add new lines for the other options that you need.
J Said,
Apr 14, 2007 @ 20:57

Notepad's a pain; whatever you save will have a .txt extension unless you enter the file name to save as "file.name" (*include* the quotes).

For .htaccess, type ".htaccess"

Remember to select 'All Files' from the 'Save as type' drop-down.
shahid Said,
Nov 04, 2007 @ 10:37

my network is local area connection so other
user conncted to my pc ip and my presnal
file use so u pls help me i block other ip
sam Said,
Feb 08, 2008 @ 04:11

thats a great post... I have a name of a network which i need to block from accessing my website, how can i do that.
vince Said,
Feb 08, 2008 @ 07:28

If you want to block a user by hostname you can use:

Deny from example.com

where you can replace the example.com
sam Said,
Feb 08, 2008 @ 09:34

its working great... thanks vince :-)
Bai Said,
Feb 27, 2008 @ 14:10

I would like to block IP address; but what if it's different every time. how can i block it? or check what network it's coming from?
nanciesweb Said,
Mar 18, 2008 @ 09:27

IP addresses aren't an exact science, thanks to proxy servers and dial-up connections (yes, some still use dial-up).

The problem is that if you block a group of IP addresses trying to stop one person from accessing your site (as in a malicious poster), you may start blocking those you don't want to block. What's more, IP addresses are often recycled, so you might end up blocking someone unintentionally.
SoftGil Said,
Mar 29, 2008 @ 06:21

I understood everything posted above and it works. Thank you all. One question, though:

I would like to display a page to those banned IP's explaining them WHY their IP is banned.

Is that possible? How?

Thanks for your valuable help.
Web 2.0 Blog Usability Blog Said,
Apr 07, 2008 @ 07:50

How do you create the .htaccess file? It won;t let me edit it in dreamweaver.
vikas Said,
Aug 07, 2008 @ 06:33

Can any 1 know how to block IP ADDRESS in godaddy hosted site.
I dont know to access .htaccess page

MY SITE
Jason Rasp Said,
Sep 03, 2008 @ 22:55

How would I go about entering the information I have seen on here for blocking people from viewing my myspace page? It is set to private but people are still able to view the beginning portion of it and further investigation reveals that with mozila firefox people can actually get past the beginning of your page and view everything.I have since used a tracking site to retreive a list of ip addresses that have been viewing the page and now I want to block them. I understand the programming written here and how it should be done, just need to know where on myspace I need to place it. Is it in the profile where it says headline? Thanks.
Raj Said,
Nov 03, 2008 @ 01:40

i want the following question's answers

How can you block certain IP Addresses from accessing your site?
GMC Said,
Dec 19, 2008 @ 12:29

To answer the question about an .htaccess file on a Godaddy hosted account:

All you have to do is to add the file into the root of each directory that you have a website posted to. Each folder can have a unique .htaccess file.
MBM Said,
Jan 02, 2009 @ 04:29

Raj,

To block a certain IP address from accessing your site, create or modify a .htaccess file for your site.

In the file include the following (this is from the example listed above on this page with a bit of explanation):

Order allow, deny
Deny from 192.168.0.10 (this being a sample IP address, replace with the specific address you want to block - you can add as many of these deny statements as you need)
Allow from all
uh i did that Said,
Feb 12, 2009 @ 16:45

and... im like locked out cause i banned my ip
i get error 500. i cant go to my own site i deleted htaccess file too.wat do i do?
vince Said,
Feb 12, 2009 @ 17:03

FTP to your website and delete the .htaccess file. Or use your web hosting account Control panel to delete the file.
laura Said,
Feb 13, 2009 @ 11:02

no i did delete the file n i was still banned i had to go to my computer nnnn change my ip
Munir Said,
Mar 26, 2009 @ 14:42

Hi all,
I have a situation in our network, where I want to give access to a particular internet site to some of the pcs(around 20).We are using a firewall where there is no web filter facility.Can anyone give some idea ?How can I block all site and give access to only one particular site to those pcs?
Thanks
Munir
marc Said,
May 02, 2009 @ 01:37

My server has a firewall. So blocking ips are pretty much easy. Even option is there in cpanel.
raj Said,
Jan 25, 2010 @ 19:41

Hi all,
I need to block the requests from my competitors IP address I know there IP address as well, example :172.168.1.2. 172.168.1.3 172.168.1.4 172.168.1.5
192.168.0.100

I created a .htaccess file now I'm getting 500 Internal Server Error error, I need to know Modsecurity rule .
Please help me

Thanks
Raj
Me Said,
Feb 03, 2010 @ 16:41

When you have banned someone from accessing your site using .htaccess, how do you know it's actually working?

I'm attempting to ban someone based on their URL, but how do I know that it is actually working?

Also, can you ban using the nameserver, if you don't have their actual IP address?
Vince Said,
Feb 03, 2010 @ 19:10

Check your access logs. You should see 403 HTTP Error codes there for the banned IP addresses.
Vanessa Said,
May 14, 2010 @ 12:58

Hi, I have issues w a stalker that blocks his ip address to go on my blog and social networks. Is there anything that can block people that hide or use fake ip's from my blog or social accounts? If there is anything you can recommend, I would really be grateful, thank you.
blockedip Said,
May 25, 2010 @ 18:54

How could i blocked unwanted visitors from my weblog? Please tell me
ajayraj Said,
Aug 10, 2010 @ 02:33

i want to know that how can i ban some of the site so that no one can acess these site instead of me will you please tell me how can i do it
i will be very thankfull to you
American Classifieds Site Said,
Oct 07, 2010 @ 00:02

How do you multiple ip block a single webpage from your htaccess file?
dannie Said,
Nov 20, 2010 @ 10:53

Beethink ip blocker bans ip addresses with .htaccess. It has worked for my servers for several months.
http://www.beethink.com/BeeGuardian/IPBlocker/IPBlocker.htm
dammy Said,
Dec 18, 2010 @ 06:07

how to block an ip from viewing your website
i did not no anything about this i want some one in here to help me do it
Vivek Parmar Said,
Jan 11, 2011 @ 04:58

Thanks for useful information. will be helpful in banning spammers
jules Said,
Mar 02, 2011 @ 22:45

i'm trying to do this .htaccess thingy and when i save it as "all files" it wont let me reopen it what am i doing wrong?
Mike Said,
Apr 02, 2011 @ 12:09

Hi guys: How can i block some one by postal code to zip code to not access my website. Because if i block someone by IP address, he might change his IP or even if he is using a dynamic ip it automatically change by ISP after some times. Can any one help me
haryana student Said,
Apr 05, 2011 @ 11:46

yes, this method is the best as u explained. however, sometimes ISPs allot dynamic IPs to their client. in such a case, visitor can simply switch off and then switch on his modem. his ip address will change.
Rich Said,
Aug 02, 2011 @ 19:20

I have a reverse question of "How to block users from accessing your site based on their IP address": How to regain access if I am the user?

I found I can access one site with some computers but not others (all public ones). That's why I have this question.

Thanks!
Alexander Said,
Aug 13, 2011 @ 06:11

I am not technical by nature and am using a WYSIWYG software for my website. Where would I place this code?
maria Said,
Oct 03, 2011 @ 00:02

I created an .htaccess file, but when i test it my friend can still see my site. where do I place the file? I think that is the problem.

Also, do I use * with the text? I am not now. I have it as shown here, but it is not working.

I really need to block several people. They go to my site and they back-click to lower my Google ranking. They do it everyday. About ten of them.

I don't know if Google will help.

They also click my Google ads, but I have blocked most of those, until they go to a different IP address.

Please help.
طراحی سایت Said,
Oct 10, 2011 @ 17:31

I'm using windows host. Is there any possibility for blocking ip in Windows hosts?
amit patel Said,
Oct 14, 2011 @ 01:14

hello friends,
i want to block all website in my internet connection without only my selected two website in window pls help me
FERB WL Said,
Nov 10, 2011 @ 01:04

I have found it interesting, I hate people advertising on the comments.
Mangal Said,
Nov 18, 2011 @ 02:59

Hi all,

I need to block the requests comming from IP address which i know. those ips are doing wrong on mur websites. I created a .htaccess with following line:

Order allow, deny
Deny from XXX.XXX.XX.XX
Deny from XXX.XXX.XX.XX
Deny from XXX.XXX.XX.XX
Allow from all

after that i am getting 500 Internal Server Error error.

Please help me how to block certain ips for my website.

Thanks
Mangal
Miguel Said,
Dec 07, 2011 @ 18:23

Is there any PHP code to alter the response code of a server before the access is done? for example after detecting an spamer IP, can we ban him by returning an 403 code after an http access by him? Is such a PHP code available?
max Said,
Jan 08, 2012 @ 17:43

I am trying to block ipaddress from all address except the ranges below. Can you please help.

10.0.0.0/8
192.168.0.0/16

I am trying the following and it does not work.

deny from all
allow from 10.0.0.0/8
allow from 192.168.0.0/16
ErrorDocument 403 http://dhr.maryland.gov
teach Said,
Jan 17, 2012 @ 22:32

any clear examples?

what if I want to deny a single ip address?
example:

198.169.281
JR Said,
Feb 29, 2012 @ 13:38

Is there a place inside the .htaccess code that the deny code needs to be placed?
Banes Said,
Oct 08, 2012 @ 20:11

This is a good tip, but why would you stop traffic to your entire site. Instead block certain pages of your site, like the post page or download page for example. Maxminds free Geoip software does this very well.

Get the best of both worlds. Get traffic and block certain parts of your site.
kaide Said,
Nov 15, 2012 @ 21:43

dosn't work here
kelvin Said,
Feb 20, 2014 @ 10:36

Thanks for your support. I have received this annoying bastard who has been bothering me on the internet.
suseelan yadav Said,
May 10, 2014 @ 04:49

Thank you so much. You same my life.
suseelan yadav Said,
May 10, 2014 @ 05:31

Thank you so much. You same my life.
you saved my www.trawelmart.com & www.australia-newzealand-tours.com websites from unnecessary problem making users.
arpita Said,
Jul 22, 2014 @ 02:05

Hello,

I have one question I am working on website and in that i have to add functionality like when user visit site more than 50 times then that site is block automatically for that particular user but without login..

so plzzzzzz help or if any plugin is available then tell me.. its very time consuming for me.

thank you in advance..
vane Said,
Oct 15, 2014 @ 10:42

writeessaysformoney.biz/ write essay for cheap money.
Your comments on this article

(required)

(required but never displayed)



security code



Previous: Duplicate content fix index.html vs / (slash only) Next: How to prevent or allow directory listing?