One of my websites is being continuously attacked by spammers originating from a certain set of countries.
There are four culprit IPs that are proving to be a nuisance.
I have tried using the mod_access utility of Apache and have the following lines added to my .htaccess
<Limit GET POST>
order allow,deny
Allow from all
deny from 201.xx.xx.xx
deny from 202.xx.xx.x
deny from 201.xx.xx.xx
deny from 201.xx.xxx.xx
</Limit>
Howeverm for some reason, the spammers are still able to access my site and the spam continuous from the said IPs
Can anyone tell me as to where exactly it is that I am going wrong.
Just remove the limit
order allow,deny
deny from 201.xx.xx.xx
deny from 202.xx.xx.x
deny from 201.xx.xx.xx
deny from 201.xx.xxx.xx
allow from all
Related
Seen lots of info regarding this but can't figure out this scenario. I want to deny all uk ips but allow my own uk ip.
I have a big list of deny ip addresses which work fine and deny access, but I want to be able to access the site for obvious reasons!
Basically I'm creating a site for Irish consumer base and the owner wants to exclude the UK from accessing the site. But I need to access it still.
In your .htaccess file put this rule in same manner and write your ip's which are whitelisted in allow from your ip
<Directory "/">
order deny,allow
deny from all
allow from 127.0.0.1
allow from 127.0.0.2
</Directory>
Using Require
<RequireAll>
Require all granted
Require not ip 10.252.46.165
</RequireAll>
https://httpd.apache.org/docs/2.4/howto/access.html
Is there any way to block an IP that have already visited a site with htaccess other any other tools?
Like someone visited a this site www.my-site.com/index1.html and I want to prevent that he can visit it again what is the best way to do this?
You could try something like
Order Deny,Allow
Deny from xxx.xxx.xxx.xxx
or you can deny a lock like this
Order Deny,Allow
Deny from xxx.xxx.xxx
xxx is obviously the octet
I have a website where I'm getting quite a lot of comment spam. Looking at the IP addresses the spam originates from, they're mostly from countries where it's unlikely any real humans would want to interact with my English-language website, so it makes sense for me to simply block them.
This should be quite straightforward, however I'd like it if traffic from these countries could actually view my content, just not access the comment, registration etc. forms. So effectively I want to allow them to make GET method requests, but not POST method ones.
Ideally, I'd like to do this in the .htaccess file for the site rather than actually coding it into the PHP scripts that power the site. After a bit of searching, I found what I thought was exactly what I needed: . It appeared that I could do exactly as described above with:
# Block China, Russia etc. from POSTs and similar methods
<Limit POST PUT DELETE>
order deny,allow
deny from 210.5.214.128/29
deny from 210.89.69.160/28
# Hundreds more lines...
# My current IP (sample provided here, actual used in reality), to test
deny from 100.100.100.100
allow from all
</Limit>
# Allow anyone to do GETs and HEADs
<Limit GET HEAD>
order deny,allow
allow from all
</Limit>
But it's not having the desired effect. I can do GET requests (as desired), but POSTs also still work as normal where I would expect a 403 Forbidden error perhaps.
If I don't use the tag and put my IP in the deny list, it does successfully prevent me from accessing the site (both GET and POST).
Can anyone advise me as to what I need to change?
Change the order of allow deny like this:
<Limit POST PUT DELETE>
order allow,deny
allow from all
deny from 210.5.214.128/29
deny from 210.89.69.160/28
# Hundreds more lines...
# My current IP (sample provided here, actual used in reality), to test
deny from 100.100.100.100
</Limit>
<Limit GET HEAD>
order deny,allow
allow from all
</Limit>
Block backend repertory eg: /wp-admin except for allow IP (even if you have the password)
<Limit POST PUT DELETE>
order deny,allow
deny from all
#allow from localhost
#allow from 127.0.0.1
allow from xxx.xxx.xx.xx
</Limit>
# Allow anyone to do GETs and HEADs
<Limit GET HEAD>
order deny,allow
allow from all
</Limit>
This usually would work using allow,deny:
order allow,deny
deny from secureserver.net
allow from all
But for this specific domain the logs show that it is still allowing access, for example:
ip-50-63-174-95.ip.secureserver.net gets an 200 ok response to requests.
Try this:
<Limit GET POST>
order allow,deny
allow from all
deny from .secureserver.edu
</Limit>
I need to deny all IPs except mine.
I got my outward facing IP from whatismyip.com. Let's assume it is 200.200.200.200
Here is the beginning of my .htaccess
ErrorDocument 403 /down.html
<Limit GET POST>
order deny,allow
deny from all
allow from 200.200.200.200
</Limit>
This works with the denying part - it shows my down.html page. However it denies me even when I place my correct IP in the .htaccess. Am I doing something wrong?
Also the down.html page contains an image - but seeing as all requests are being denied, I had to host it on a different domain to get it to display. My .htaccess skills are a little rusty, but how would I go about allowing that one image request through using .htaccess on this domain?
<Limit GET POST>
order allow,deny
allow from 200.200.200.200
deny from all
</Limit>