Banning IPs?


#1

Is there a way to ban an IP, or even a range? (examples - 1.2.3.4 or 1.2.3.*)
It was possible on my old host and I’m pretty sure it used .htaccess, but I can’t figure out how to do it on DH.


#2

I use a .htaccess file to block a particular IP range from accessing a site due to an abusive user.
That one uses the 1.2.3.4 and 1.2.3.* patterns

here is what I use:

order allow,deny allow from all deny from 1.2.3.4 deny from 1.2.3.

I don’t think you need to use the *

create the text file, upload it as htaccess to the directory you want, then change the NAME of the file to .htaccess on the server once it has been uploaded.

well, that’s what I do. someone else may do it easier.


#3

Thanks!


#4

<Limit GET> order allow,deny allow from all deny from 1.2.3.4 deny from 1.2.3. </LIMIT>

It helps to read the Apache documentation, it usually has tips in there for better security. Here is a link to the documentation on the Limit section:
http://httpd.apache.org/docs/mod/core.html#limit

Problem with quoted example:

  1. Does not deny access to POST (form submission)/HEAD/other requests
  2. Access is denied by default with Allow,Deny, so not necessary to specify Denys with no Allows

for example if a comment spammer already knew the URL and the form fields, he could still POST. It would be better to just not use a Limit section at all, and just do

[code].htaccess

Deny,Allow: allow access by default, then evaluate Denys before Allows

Order Deny,Allow
Deny from 1.2.3.4
Deny from 1.2.3
---------[/code]

:cool: Perl / MySQL / HTML+CSS