Blocking IP Addresses
Contents
Windows
Using your web.config file to block IP Addresses
To block a specific IP or a large range of IP Addresses you can use your "web.config" file by following the below steps.
- If you do not have a web.config file in your site files then you will need to create one at this time. The code below is the basic code you would see in your web.config file:
<?xml version="1.0"?> <configuration> <system.webServer> <modules runAllManagedModulesForAllRequests="true"/> </system.webServer> </configuration>
To enable the block you will need to place the below code after the "<system.webServer>":
<security> <ipSecurity allowUnlisted="true"> <clear/> <add ipAddress="1.1.1.1"/> <!-- blocks the specific IP of 1.1.1.1 --> <add ipAddress="1.1.1.0" subnetMask="255.255.255.0"/> <!--blocks network 1.1.1.0 to 1.1.1.255--> <add ipAddress="1.1.0.0" subnetMask="255.255.0.0"/> <!--blocks network 1.1.0.0 to 1.1.255.255--> <add ipAddress="1.0.0.0" subnetMask="255.0.0.0"/> <!--blocks entire /8 network of 1.0.0.0 to 1.255.255.255--> </ipSecurity> </security>
Once you update this code to the specif IP Addresses you are trying to block and click save any attempts from these IP's to hit the site will not go through.
Linux
Blocking IP Addresses through Cpanel
You will need to be logged into your Cpanel for your domain. Once logged in:
- You will click on "IP Deny Manager".
- Now you will see an option to add an IP Address or Domain to the block list.
- Once you enter the desired IP Address you should receive a message that states:
"Users from the IP address(s) 12.34.56.789 will not be able to access your site."
HTACCESS
Blocking IP Addresses using a .htaccess file
You can also block IP addresses in Windows or Linux using a .htaccess file. If you do not already have one, you will need to create a file called .htaccess. You can then block IPs using the DENY command.
Here is an example:
order allow,deny deny from 123.45.6.7 deny from 012.34.5. allow from all
You can deny access based upon IP address or an IP block. The above blocks access to the site from 123.45.6.7, and from any sub domain under the IP block 012.34.5. (012.34.5.1, 012.34.5.2, 012.34.5.3, etc.) After it sets those, it allows from all to allow all others to access the site. You can also set an option for deny from all, which would of course deny everyone. You can also allow or deny by domain name rather than IP address. For example Hostek.com. Always test accessing your site from multiple IP addresses such as your PC and a SmartPhone not on wifi just to make sure it is allowing access as you intended.