How to block ip addresses on apache?

Question

So far I have only been able to block ip address on a per host basis, I would like to block ip addresses for all hosts in apache.

I've tried various combinations of

<Directory /var/www/html>
Options FollowSymLinks
AllowOverride All
Order allow,deny
Allow from all
deny from aa.bb.cc.dd
deny from ee.ff.gg.hh
</Directory>

Directory,Location etc... however all of the options I have tried either don't do anything or they cause other .htaccess files to be ignored resulting in private areas of my site to be wide open.

apache can but is not made to block ip, you should use firewall, most of the time allow from ip is used to securised an access to administration or thing like that. — Froggiz, Nov 05 '15 at 23:22

score 1 · Accepted Answer · edited Apr 13 '17 at 12:13

1

This seems related to this: Apache httpd: How can I Deny from all, Allow from subnet, but Deny from IP within that subnet?

At first you're using a Directory section, which is related to tilesystem objects as opposed to URL paths, which is Location.

Then, if you can, use only .htaccess or httpd.conf, both can get confusing (And beware of AllowOverride, All, means that everything you put in your httpd.conf can be modified by .htaccess rules)

Then, as for Froggiz's comment, for blocking based on ip/subnet a firewall is more efficient, packets dont even reach Apache.

edited Apr 13 '17 at 12:13

Community

1

answered Nov 05 '15 at 23:53

Fredi

2,227
9
13

i went with "fail2ban" to ban with iptables and now I can even automated the banning procedure. – user3338098 Nov 06 '15 at 20:14

How to block ip addresses on apache?

1 Answers1