Jan 27 2000
Blocking Apache access by host
If your web server is under attack, but you don’t have access to a firewall (perhaps you are hosting your site on someone else’s box), you can deny access by host. Here’s how.

.htaccess is your friend
The .htaccess file can be used to deny and allow access. Here is a typical configuration:

<Limit GET POST>
    order deny,allow
    deny from all
    allow from all
</Limit>

For more detail on this, please see the following Apache documentation:
What I did was change the order directive to mutual-failure, under which, according to the documentation, "those hosts which appear on the allow list and do not appear on the deny list are granted access". That is what I want.
So here is what you can do:

<Limit GET POST>
    order mutual-failure
    deny from aa.bb.cc.dd ff.gg.hh.0/24
    allow from all
</Limit>

This will deny access from the IP address aa.bb.cc.dd and the ff.gg.hh.0/24 subnet.
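
Why the order directive matters here, as an added example that is not part of the original post: a small Python model of how Apache evaluates order for one client, showing that the same deny and allow lines block nothing under deny,allow but do block under mutual-failure. The function names are hypothetical, the addresses are constructed stand-ins for the post's placeholders, and the model only handles "all", single IPs and CIDR blocks.

```python
import ipaddress

def _matches(client, specs):
    """True if client falls in any spec: 'all', a single IP, or a CIDR block."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec == "all" or ip in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def access_granted(order, allow, deny, client):
    """Model (hypothetical helper) of Apache 'order' evaluation for one client IP."""
    in_allow = _matches(client, allow)
    in_deny = _matches(client, deny)
    order = order.lower().replace(" ", "")
    if order == "deny,allow":
        # Deny is checked first and Allow last: an Allow match overrides a
        # Deny match, and clients matching neither list are allowed.
        return in_allow or not in_deny
    if order in ("allow,deny", "mutual-failure"):
        # Client must be on the allow list and absent from the deny list.
        # Apache documents mutual-failure as equivalent to allow,deny.
        return in_allow and not in_deny
    raise ValueError("unknown order: " + order)

# Constructed sample values (documentation address ranges), standing in for
# the post's aa.bb.cc.dd and ff.gg.hh.0/24 placeholders.
DENY = ["192.0.2.10", "198.51.100.0/24"]
ALLOW = ["all"]
CLIENTS = ["192.0.2.10", "198.51.100.77", "203.0.113.5"]

def compare(clients=CLIENTS):
    """Return {client: (granted under deny,allow, granted under mutual-failure)}."""
    return {c: (access_granted("deny,allow", ALLOW, DENY, c),
                access_granted("mutual-failure", ALLOW, DENY, c))
            for c in clients}

if __name__ == "__main__":
    for client, (da, mf) in compare().items():
        print(f"{client:15} deny,allow={'allow' if da else 'deny'} "
              f"mutual-failure={'allow' if mf else 'deny'}")
```

Under deny,allow the "allow from all" line overrides every deny entry, so the listed hosts still get in; under mutual-failure only the unlisted client is served.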