Blocking IP Addresses

From Hostek.com Wiki
Revision as of 14:40, 31 March 2013 by Brentb (Talk | contribs)

(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to: navigation, search

Windows

Using your web.config file to block IP Addresses

To block a specific IP or a large range of IP Addresses you can use your "web.config" file by following the below steps.

  • If you do not have a web.config file in your site files then you will need to create one at this time. The code below is the basic code you would see in your web.config file:
<?xml version="1.0"?>
<configuration>
   <system.webServer>
     <modules runAllManagedModulesForAllRequests="true"/>
   </system.webServer>
</configuration>

To enable the block you will need to place the below code after the "<system.webServer>":

<security>
   <ipSecurity allowUnlisted="true">    
       <clear/>                    
       <add ipAddress="1.1.1.1"/>     <!-- blocks the specific IP of 1.1.1.1  -->                
       <add ipAddress="1.1.1.0" subnetMask="255.255.255.0"/>     <!--blocks network 1.1.1.0 to 1.1.1.255-->                
       <add ipAddress="1.1.0.0" subnetMask="255.255.0.0"/>     <!--blocks network 1.1.0.0 to 1.1.255.255-->                
       <add ipAddress="1.0.0.0" subnetMask="255.0.0.0"/>     <!--blocks entire /8 network of 1.0.0.0 to 1.255.255.255-->                
   </ipSecurity>
</security>

Once you update this code to the specif IP Addresses you are trying to block and click save any attempts from these IP's to hit the site will not go through.

Linux

Blocking IP Addresses through Cpanel

You will need to be logged into your Cpanel for your domain. Once logged in:

  1. You will click on "IP Deny Manager".
  2. Now you will see an option to add an IP Address or Domain to the block list.
  3. Once you enter the desired IP Address you should receive a message that states:
    "Users from the IP address(s) 12.34.56.789 will not be able to access your site."

HTACCESS

Blocking IP Addresses using a .htaccess file

You can also block IP addresses in Windows or Linux using a .htaccess file. If you do not already have one, you will need to create a file called .htaccess. You can then block IPs using the DENY command.

Here is an example:

order allow,deny 
deny from 123.45.6.7 
deny from 012.34.5. 
allow from all  

You can deny access based upon IP address or an IP block. The above blocks access to the site from 123.45.6.7, and from any sub domain under the IP block 012.34.5. (012.34.5.1, 012.34.5.2, 012.34.5.3, etc.) After it sets those, it allows from all to allow all others to access the site. You can also set an option for deny from all, which would of course deny everyone. You can also allow or deny by domain name rather than IP address. For example Hostek.com. Always test accessing your site from multiple IP addresses such as your PC and a SmartPhone not on wifi just to make sure it is allowing access as you intended.