.htaccess Code Help

design

#1

I have a website where I’m trying to block specific IP addresses (more than one) from a directory and send them to a specific page on my website where I have created a special message for them.

In the code below, when the visitor with the IP address listed tries to access the page storage.html, they are sent to a page that lets them know why I banned them. However, what I really want to do is block their access to the the directory /myfiles and when they click any link on my website that leads to any file within this directory, they are sent to the yourbanned.html file.

How would I write that and would it be placed in the root directory on in the directory that I want to block access to for the specific IP addresses? I also understand that the code below may not be the best choice but at the moment, it does work for a single page. Hopefully someone can help with a new .htaccess code to redirect multiple IP’s for a directory to my yourbanned.html page.

<files storage.html>
ErrorDocument 403 http://www.mywebsite/yourbanned.html
Order Allow,Deny
Allow from All
Deny from xx.xx.xx.xx
Deny from xx.xx.xx.xx
Deny from xx.xx.xx.xx
Deny from xx.xx.xx.xx
</files>

#2

Remove the “<Files…>” and “” lines, and put that all in an .htaccess file for the directory you want to control access to. That should cover it.


#3

Most excellent! Amazing how simple that turned out to be…

While I’m at it, let me pose another question:

Given the same directory I’m trying to control, is there a way I can redirect one set of IP addresses who try to access the folder to yourbanned.html and then redirect a different set of IP addresses to a different file called banned.html?

My thoughts are that I want the 2 groups of IP addresses to be redirected to different pages depending on what they have done and the message I want them to read. If it really can’t be done, then it’s no problem but I appreciate the help just the same.

Thanks…


#4

Yes, but the IPs you are blocking/redirecting wouldn’t get a 403 server response. Since these IPs would merely get redirected to these respective web pages (and not get a 403 error) if they are bots, they are likely to continue with their requests. If they are human, your objective would likely be achieved.

That said, one way to do this is with mod_rewrite (instead of your mod_access code):

RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.***
RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.***
RewriteRule !^yourbanned\.html$ - [F]
RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.***
RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.***
RewriteRule !^banned\.html$ - [F]

Then you could still use a custom 403 error page (either of these two, or even another page) for everyone else that would send the 403 error.

ErrorDocument 403 http://www.mywebsite/*.html

Note: replace the *s with pertinent info.


#5

I added this to my .htaccess file but after entering my IP and testing it, I got a 500 Internal Server Error.


#6

I had a typo (sorry.) I had an escape after, not before, a dot in the IP addresses. Try this:

RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.***
RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.***
RewriteRule !^yourbanned\.html$ - [F]
RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.***
RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.***
RewriteRule !^banned\.html$ - [F]

#7

Same problem and I also noticed that it was not redirecting the the specified page.


#8

Try adding escapes to the redirects as well:

RewriteEngine On RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.*** RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.*** RewriteRule !^yourbanned\.html$ - [F] RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.*** RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.*** RewriteRule !^banned\.html$ - [F]

This should be working. The code is correct… assuming these two pages reside in the same folder. If not, use full URLs (and escape all dots.)


#9

Geez, this is still giving me the same result.

Here is your code with my full path edits so you can see if I made a mistake. By the way, this .htaccess file will reside in a subdirectory and the pages for the forward (banned.html & yourbanned.html) are in the root directory.

RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.***
RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.***
RewriteRule !www\.mywebsite\.com/yourbanned\.html$ - [F]
RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.***
RewriteCond %{REMOTE_ADDR} ^***\.***\.***\.***
RewriteRule !^www\.mywebsite\.com/banned\.html$ - [F]

#10

Well you can’t have the asterisks in the code. That is just for the example.

You could use this:

RewriteCond %{REMOTE_ADDR} ^aa\.bb\.cc\.dd
RewriteRule !http://www\.mywebsite\.com/banned\.html - [F]

Or move the redirect page into that same folder and just use the page name (which is what I recommend.)

RewriteCond %{REMOTE_ADDR} ^aa\.bb\.cc\.dd
RewriteRule !^banned\.html$ - [F]

#11

Okay, it’s working now. Many thanks!

By the way, what does this code do? [F]


#12

Using the [F] flag causes the server to return a 403 Forbidden status code to the client. It is implied that it is the last [L] rule of the condition. However, I’m not sure the client is actually getting a 403… I just included the [F] to try. Use a response header checker to verify.


#13

Thanks for your help. Cheers…
[hr]
One last thing, could you remove the IP address from post #10? I forgot to delete the IP when I posted and went back and edited mine. Would appreciate it if you would as well.

Thanks again…


#14

Geez, the last time we tackled this issue the script was working but today I noticed that one of my banned IP’s was able to view the directory that I thought I had banned him from. I then added my IP to the script and found that it was not blocking or redirecting my IP either.

Can you look at my code again and see if there are any mistakes? Please note that the top set of IP’s are being redirected to one page while the bottom set of IP’s are being sent to a different page. This htaccess script was also placed in the folder that I wanted the visitors blocked from.

Thanks…

# Ban and Redirect IP's
RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^xx\.xx\.xx\.xx
RewriteCond %{REMOTE_ADDR} ^xx\.xx\.xx\.xx
RewriteCond %{REMOTE_ADDR} ^xx\.xx\.xx\.xx
RewriteCond %{REMOTE_ADDR} ^xx\.xx\.xx\.xx
RewriteRule !http://www\.mywebsite\.com/yourbanned\.html - [F]

RewriteCond %{REMOTE_ADDR} ^xx\.xx\.xx\.xx
RewriteCond %{REMOTE_ADDR} ^xx\.xx\.xx\.xx
RewriteCond %{REMOTE_ADDR} ^xx\.xx\.xx\.xx
RewriteRule !http://www\.mywebsite\.com/banned\.html - [F]

#15

By default, when there is more than RewriteCond preceding a RewriteRule, the conditions are combined with an implicit “and”. This means that your redirects will only affect people whose IP matches all of the patterns you have listed — which is probably impossible!

You will want to add the “[OR]” flag to the end of each condition other than the last one, like so:

RewriteCond %{REMOTE_ADDR} ^xx\.xx\.xx\.xx$ [OR]
RewriteCond %{REMOTE_ADDR} ^yy\.yy\.yy\.yy$ [OR]
RewriteCond %{REMOTE_ADDR} ^zz\.zz\.zz\.zz$
RewriteRule !http://www\.mywebsite\.com/yourbanned\.html - [F]

Note that I’ve also added the end-of-string character $ to the end of your patterns. This will keep a block on 1.2.3.4 from matching 1.2.3.45, for instance.


#16

This is giving me a 403 forbidden page and does not redirect the banned IP to the yourbanned.html page.


#17

RewriteEngine On
RewriteCond %{REMOTE_ADDR} ^***.***.***.***
RewriteCond %{REMOTE_ADDR} ^***.***.***.***
RewriteRule !^yourbanned.html$ - [F]
RewriteCond %{REMOTE_ADDR} ^***.***.***.***
RewriteCond %{REMOTE_ADDR} ^***.***.***.***
RewriteRule !^banned.html$ - [F]

is best one for 301 redirection :slight_smile:


#18

Thanks for your help… good job