If you get a 500 Internal Server Error you need to check your server's error log for details of the error. The 500 status is simply a catch-all response returned to the client because of some specific server error.
There are a number issues here that result in errors...
Require not ip 2a01:598:
:
Require not ip 2a01:598:::
In both these cases, the specified IPv6 addresses 2a01:598: and 2a01:598::: are not valid - hence the 500 error response. You could use 2a01:598:: (2 colons), but that is short for the specific IPv6 address 2a01:598:0:0:0:0:0:0, which is not what you require.
With IPv4 addresses, Apache allows you to use partial IP addresses (whole octets), eg. 203.0.113 (no trailing dot). For IPv6 addresses, you might expect 2a01:598 to be permitted, however, this does not appear to be supported as this again results a 500 response and the "The specified IP address is invalid" error being logged.
To specify an IPv6 address range you need to use CIDR notation. For example, to specify the range of IPs that "start 2a01:598:", you would need to use 2a01:598::/32 using CIDR notation (example).
Require all granted
Require not ip 11.222.33.444
When you specify multiple Require directives in this way, Apache defaults to a <RequireAny> container. Negated directives (ie. Require not) are not permitted in a <RequireAny> container; hence the 500 error. ("negative Require directive has no effect in <RequireAny> directive" being logged as the error.) You need to explicitly use the <RequireAll> container here.
Reference:
Solution
So, you would need to do something like the following instead:
<RequireAll>
Require all granted
Require not ip 2a01:598::/32
</RequireAll>
And the end of my .htaccess file after # END WordPress
Logically, this should go near the top of your .htaccess file, before the # BEGIN WordPress comment marker. Blocking directives should be first. However, it probably doesn't matter (because of the way Apache processes different modules).
