hostyet
asked on
How to use .htaccess block Ips?
I want to block the China IP address and the Chinese OS access via the .htaccess, but allow some specifically city access and IP access, how can I do that? Could you please offer me a file for this? Thanks a lot.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
You can also do it in reverse:
Order deny,allow
Deny from all
Allow from <IP Address1>
Allow from <IP Address2>
Allow from <IP Address3>
etc...
The IP addresses can be just the addresses (or CIDR blocks of addresses) that you want to let in. Effectively, this is creating a whitelist. It might be more preferable if you believe that the number of addresses that need to get in is smaller than the number of addresses that you'd like to keep out.
Note the capitalization on the Order, Allow, and Deny directives. Apache is picky about this. See the guide for all of this (and more) here:
http://httpd.apache.org/docs/2.2/howto/access.html
Also, you could probably do this more effectively in a firewall if you're dealing with a large number of addresses. Firewalls are better at checking lots of traffic and applying access rules than Apache's security subsystem is.
Order deny,allow
Deny from all
Allow from <IP Address1>
Allow from <IP Address2>
Allow from <IP Address3>
etc...
The IP addresses can be just the addresses (or CIDR blocks of addresses) that you want to let in. Effectively, this is creating a whitelist. It might be more preferable if you believe that the number of addresses that need to get in is smaller than the number of addresses that you'd like to keep out.
Note the capitalization on the Order, Allow, and Deny directives. Apache is picky about this. See the guide for all of this (and more) here:
http://httpd.apache.org/docs/2.2/howto/access.html
Also, you could probably do this more effectively in a firewall if you're dealing with a large number of addresses. Firewalls are better at checking lots of traffic and applying access rules than Apache's security subsystem is.
Also, keep in mind that when trying to block outside visitors from a specific IP block, you have to watch out for them circumnavigating your defenses, like using proxies and such. This is why a whitelist might be the more preferable option, as it effectively stops a proxy.
ASKER
Hi Kumba42:
thanks for your advise
I just want to block china ips, except some city or area, you advised use allow this way, it is very much work to do .so, this is not good way.
but you said We can use firewalls, then , where Can I do something?
now , I can operate the MHM right. Can set something about firewalls?
thanks for your advise
I just want to block china ips, except some city or area, you advised use allow this way, it is very much work to do .so, this is not good way.
but you said We can use firewalls, then , where Can I do something?
now , I can operate the MHM right. Can set something about firewalls?
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Hi Kumba42::
Yes, as you said, I am trying every ways to block china , except some citys ip sapce.
I have been edited the .htaccess file to block the IPs from china,
but unsuccessful , as you said, this is a daunting task.
Have any easier way to solve it ?
thanks!
Yes, as you said, I am trying every ways to block china , except some citys ip sapce.
I have been edited the .htaccess file to block the IPs from china,
but unsuccessful , as you said, this is a daunting task.
Have any easier way to solve it ?
thanks!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
I read the example closer, and the country example is because you'd use the Apache module against the GeoIP_Country database. So that implies that if you installed the GeoIP_CITY database as well, you'd have to make some minor adjustments, and you could probably achieve exactly what you want.
This question has been classified as abandoned and is being closed as part of the Cleanup Program. See my comment at the end of the question for more details.
ASKER
thanks for your answer!
I have been tried.but not successful , just can open index page, others can't open .
would you show me detail code in .htaccess ?
thanks!