I’ve been going through my website traffic statistics for my blog and noticed some spikes in activity in terms of page hits that could not be accounted for as legitimate user traffic. So within my Webalizer tool (a free tool used to monitor domain traffic and activity) I decided to hunt down the source of this rise in activity. Here I found IP addresses that have accessed my site and found the culprit. This particular IP registered a total of 3,000 hits in one day. I then used a free ‘who is’ online service (Honey Pot Project or Whois.net) to check who owns the IP and I discovered that this is a spammer / scammer. So let’s get to blocking.
The .htaccess file
First of all, .htaccess (hypertext access), in several web servers (most commonly Apache), is the default name of a directory-level configuration file that allows for decentralized management of web server configuration. The .htaccess file is placed inside the web directory tree, and is able to override a subset of the server’s global configuration; the extent of this subset is defined by the web server administrator, which is you. Basically, you can allow or deny access to your site, whether robots (crawlers) or human visitors.
To create the .htaccess file, simply open your Notepad application on Windows and save the file as .htaccess. There are no characters before the period. This file should be uploaded to your website’s root directory and will contain the commands below. For example: http://www.yourdomain.com/.htaccess
a) To block the IP address, my basic .htaccess file includes:
order allow,deny
# Replace this IP with the one you want to block
deny from 127.0.0.1
allow from all
* So type this info into your .htaccess file, save it and then upload it to your root directory.
This will refuse all GET and POST requests made by IP address 127.0.0.1. An error message is shown instead, so the user can’t access the site and thus won’t use any precious bandwidth.
After uploading the file I started monitoring my hit statistics a week later and I’m glad to say that the culprit IP is no longer there.
b) More options
To block multiple IP addresses, list them one per line.
order allow,deny
deny from 127.0.0.1
deny from 127.0.0.2
deny from 127.0.0.3
allow from all
You can also block an entire IP block/range. Here we will not specify the last octet in the .htaccess file.
e.g. – deny from 127.0.0
This will refuse access for any user with an address in the 127.0.0.0 to 127.0.0.255 range.
Note: Instead of using numeric addresses, domain names (and subdomain names) can be used to ban users.
e.g. – deny from isp_name.com
It bans users with a remote hostname ending in isp_name.com. This would stop all users connected to the internet via isp_name.com from viewing your site.
Using .htaccess to block an entire range or name is likely to lock out innocent users, so use these options with caution.
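The procedure above (find the address with an abnormal daily hit count, then list it in a deny block), as an added example that is not part of the original post. It assumes a raw access log in Apache Common Log Format is available; the function names, the sample lines and the allowlist parameter are illustrative, and the 3,000 default mirrors the daily figure mentioned in the post.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample in Apache Common Log Format (documentation-range IPs).
SAMPLE_LOG = """\
203.0.113.7 - - [10/Oct/2023:13:55:36 +0000] "GET / HTTP/1.1" 200 5120
203.0.113.7 - - [10/Oct/2023:13:55:37 +0000] "POST /contact HTTP/1.1" 200 312
203.0.113.7 - - [10/Oct/2023:13:55:38 +0000] "POST /contact HTTP/1.1" 200 312
198.51.100.24 - - [10/Oct/2023:14:02:11 +0000] "GET /about HTTP/1.1" 200 2048
203.0.113.7 - - [11/Oct/2023:09:00:00 +0000] "GET / HTTP/1.1" 200 5120
not a log line
"""

# Client field and the date part of the timestamp at the start of each line.
LOG_RE = re.compile(r"^(\S+) \S+ \S+ \[(\d{2}/\w{3}/\d{4}):")


def hits_per_ip_per_day(log_text):
    """Count requests per (client IP, day); skip lines that do not parse."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        try:
            ip = ipaddress.ip_address(m.group(1))
        except ValueError:
            continue  # client logged as a hostname, not an address
        counts[(str(ip), m.group(2))] += 1
    return counts


def heavy_hitters(counts, threshold=3000, allowlist=()):
    """IPs with at least `threshold` hits on any single day, minus allowlist."""
    keep = {ipaddress.ip_address(a) for a in allowlist}
    found = {ipaddress.ip_address(ip) for (ip, _), n in counts.items() if n >= threshold}
    return [str(ip) for ip in sorted(found - keep, key=lambda a: (a.version, int(a)))]


def htaccess_block(ips):
    """Render the deny block in the Order/Deny/Allow syntax used on this page."""
    return "\n".join(["order allow,deny", *(f"deny from {ip}" for ip in ips), "allow from all"])


if __name__ == "__main__":
    # Threshold lowered to 3 only because the constructed sample is tiny.
    print(htaccess_block(heavy_hitters(hits_per_ip_per_day(SAMPLE_LOG), threshold=3)))
```

Put your own address and any crawlers you want to keep in the allowlist, and review the generated lines before uploading them.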
So, here ends this short tutorial on blocking IP addresses using a .htaccess file. I hope you found it useful.
The .htaccess file can be used to complete quite a few other tasks such as creating custom error pages, setting up hot-linking protection, password protecting files and directories and more. I will be posting follow-up tutorials to cover all these topics in the very near future.




Resources like the one you mentioned here will be very useful to me! I will post a link to this page on my blog. I am sure my visitors will find that very useful.
Wow! This is a unique blog. Its header is impressive and cute. Not only that, the most important thing that garnishes its uniqueness is its usefulness and informative contents. Keep it up!