Tutorial - How do I block access to my website for certain IP addresses via a .htaccess file?

Knowledge Base

KB0052840

Tutorial - How do I block access to my website for certain IP addresses via a .htaccess file?


Icons/System/eye-open Created with Sketch. 1391 Views 14.03.2024 Web / Web Hosting

Objective

The aim of this tutorial is to help you secure access to your websites from external networks, and prevent intrusions and DoS attacks.

You can do this with a ".htaccess" file, a particular text file, that the web server (Apache) detects, and that allows you to define special rules for a directory and all of its subdirectories.

You can create multiple ".htaccess" files in the FTP space of your hosting but only one per directory or subdirectory to avoid conflicts between different .htaccess files.

Find out how to block access to your website for certain IP addresses via a ".htaccess" file.

OVHcloud provides services that you are responsible for with regard to their configuration and management. It is therefore your responsibility to ensure that they function properly.

This guide is designed to help you with common tasks. Nevertheless, we recommend contacting a specialist provider if you encounter any difficulties. We will not be able to assist you. You can find more information in the Go further section of this guide.

Requirements

Instructions

The ".htaccess" file can be placed in several different folders, while respecting the rule of only one ".htaccess" file per folder or subfolder.

The settings defined by a ".htaccess" file apply to the directory where it is installed and to all subdirectories.

To edit (or create) these directories, log in to your hosting plan’s FTP space. If you need help with this, please refer to our guide on Logging in to your Web Hosting plan’s storage space.

Block an IP, a range of IPs, a domain or all the IPs of a country

Several rules are available to block access to your hosting plan via ".htaccess".
Be careful with the syntax and block settings to prevent blocking yourself from viewing your hosted sites and/or scripts.
In the event of an error, you can always log in to the FTP space of your hosting to correct mistakes.

Shared hosting currently works with Apache 2.4. Since the Apache 2.3 release, variables have been implemented and the syntax for writing access restrictions/permissions has changed.

Since the old syntax is very popular, it is still active on our infrastructures. However, it is considered obsolete by Apache and may soon be unavailable. In this tutorial, you will find examples detailing the two syntaxes.

For more details on the new syntax, you can consult the following official pages:

Block an IP

To block a specific IP address, insert one of the following two codes into your ".htaccess" file:

  • Historical Syntax
  • Syntax from Apache 2.3
Deny from IP_address
<RequireAll>
Require all granted
Require not ip IP_address
</RequireAll>
  • Example: If you want to block the IP address 203.0.113.0, you will need to write one of the following two codes:
  • Historical Syntax
  • Syntax from Apache 2.3
Deny from 203.0.113.0
<RequireAll>
Require all granted
Require not ip 203.0.113.0
</RequireAll>

Block an IP range

To block an IP address range, insert one of the following two codes into your ".htaccess" file:

  • Historical Syntax
  • Syntax from Apache 2.3
Deny from IP_range
<RequireAll>
Require all granted
Require not ip IP_range
</RequireAll>
  • Example: If you want to block all IPs in 203.0.113.x, you will need to write one of the following two codes:
  • Historical Syntax
  • Syntax from Apache 2.3
Deny from 203.0.113
<RequireAll>
Require all granted
Require not ip 203.0.113
</RequireAll>

Block a domain

Some domains might access your hosting via redirections or requests.

To block a domain, insert one of the following two codes into your ".htaccess" file:

  • Historical Syntax
  • Syntax from Apache 2.3
Deny from domain
<RequireAll>
Require not host domain
</RequireAll>
  • Example: if you want to block domain.tld, you will need to write one of the following two codes:
  • Historical Syntax
  • Syntax from Apache 2.3
Deny from domain.tld
<RequireAll>
Require not host domain.tld
</RequireAll>

Block IPs from a country

All IP addresses (particularly public IP addresses) have country-wide geolocation. This way, you can get an idea of where an IP's traffic comes from, and physically locate the IP.

The ".htaccess" allows, thanks to this element, to block all the geolocated IPs from a country. In other words, anyone who tries to visit your site from this country will be blocked (unless they use a VPN connection with a geolocated IP in another country).

Blocks via the ".htaccess" are done through the two-letter Country Codes (ISO 3166-1 alpha2 standard) of the countries.

Several websites list the countries and their respective Country Codes, including https://www.iban.com/country-codes (independent of OVHcloud).

To block all IPs of a country, insert one of the following two codes into your ".htaccess" file:

  • Historical Syntax
  • Syntax from Apache 2.3 
SetEnvIf GEOIP_COUNTRY_CODE Country_Code BlockCountry
Deny from env=BlockCountry

To be placed at the top of your ".htaccess"

RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(Country_Code)$
RewriteRule ^(.*)$ - [F,L]
  • Example: If you want to block geolocated IP addresses from Fiji (FJ) and Greenland (GR), you will need to write one of the following two codes:
  • Historical Syntax
  • Syntax from Apache 2.3 
SetEnvIf GEOIP_COUNTRY_CODE FJ BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE GR BlockCountry
Deny from env=BlockCountry

To be placed at the top of your ".htaccess"

RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(FJ|GR)$
RewriteRule ^(.*)$ - [F,L]

To authorise selected IPs, a range of IPs or all the IPs of a country

Rather than restricting access to one or more IPs and allowing others to access your hosting, you can do the opposite by blocking all IPs and then allowing only one or more IPs to access your service.

Authorise one or more IPs

To authorise only one IP to access your service, insert one of the following two codes into your ".htaccess" file:

  • Historical Syntax
  • Syntax from Apache 2.3 
order deny,allow
deny from all
Allow from IP_address
Require ip IP_address
  • Example: If you only want to authorise IPs 203.0.113.0 and 203.0.113.1 to access your hosting, you will need to write one of the following two codes:
  • Historical Syntax
  • Syntax from Apache 2.3 
order deny,allow
deny from all
Allow from 203.0.113.0
Allow from 203.0.113.1
Require ip 203.0.113.0 203.0.113.1

Authorise an IP range

To authorise a range of IPs to access your service, insert one of the following two codes into your ".htaccess" file:

  • Historical Syntax
  • Syntax from Apache 2.3 
order deny,allow
deny from all
Allow from IP_range

To be placed at the top of your ".htaccess"

Require ip IP_range
  • Example: If you only want to authorise the IP range 203.0.113.x to access your hosting, you will need to write one of the following two codes:
  • Historical Syntax
  • Syntax from Apache 2.3 
order deny,allow
deny from all
Allow from 203.0.113

To be placed at the top of your ".htaccess"

Require ip 203.0.113

Authorise all the IPs of a country

To authorise all IPs in a country to access your service, insert one of the following two codes into your ".htaccess" file:

  • Historical Syntax
  • Syntax from Apache 2.3 
order deny,allow
deny from all
SetEnvIf GEOIP_COUNTRY_CODE Country_Code AllowCountry
Allow from env=AllowCountry

To be placed at the top of your ".htaccess"

RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(Country_Code)$
RewriteRule ^(.*)$ - [F,L]
  • Example: If you wish to authorise only Fiji (FJ) and Greenland (GR) to access your hosting, you will need to write one of the following two codes:
  • Historical Syntax
  • Syntax from Apache 2.3 
order deny,allow
deny from all
SetEnvIf GEOIP_COUNTRY_CODE FJ AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE GR AllowCountry
Allow from env=AllowCountry

To be placed at the top of your ".htaccess"

RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(FJ|GR)$
RewriteRule ^(.*)$ - [F,L]

Further actions with the ".htaccess" file

Besides general access security to the hosting, the ".htaccess" file allows you to perform other actions. Below are more OVHcloud tutorials on the subject:

Go further

For specialised services (SEO, development, etc.), contact OVHcloud partners.

If you would like assistance using and configuring your OVHcloud solutions, please refer to our support offers.

Join our community of users.