I did a search on this and it got me more confuzzled.

I want to ban some IP's from accessing a site with .htaccess.

My .htaccess is already there and is like this... (excerpt)

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>

That's how the htaccess came from my host. Now the examples I see around the net say to just change it to.....

<Limit GET POST>
order deny,allow
deny from xxx.xxx.xxx.xxx
deny from yyy.yyy.yyy.yyy
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>

But all the examples I see on the web have order allow, deny. So I'm kinda afraid to try this on risk that I'll ban myself or some other doltish thing.

Then I read this thread: http://www.webhostingtalk.com/showthread.php?s=&threadid=72806

And in there they say not to use the GET and POST, so I assume that means to delete all the Limit stuff and just do this....

<Limit>
order deny,allow
deny from xxx.xxx.xxx.xxx
deny from yyy.yyy.yyy.yyy
allow from all
</Limit>

Is that correct?

Any advice would be greatly appreciated.

Originally posted by Number6
I did a search on this and it got me more confuzzled.

I want to ban some IP's from accessing a site with .htaccess.

My .htaccess is already there and is like this... (excerpt)

<Limit GET POST>
order deny,allow
deny from all
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>

That's how the htaccess came from my host. Now the examples I see around the net say to just change it to.....

<Limit GET POST>
order deny,allow
deny from xxx.xxx.xxx.xxx
deny from yyy.yyy.yyy.yyy
allow from all
</Limit>
<Limit PUT DELETE>
order deny,allow
deny from all
</Limit>

But all the examples I see on the web have order allow, deny. So I'm kinda afraid to try this on risk that I'll ban myself or some other doltish thing.

Then I read this thread: http://www.webhostingtalk.com/showthread.php?s=&threadid=72806

And in there they say not to use the GET and POST, so I assume that means to delete all the Limit stuff and just do this....

<Limit>
order deny,allow
deny from xxx.xxx.xxx.xxx
deny from yyy.yyy.yyy.yyy
allow from all
</Limit>

Is that correct?

Any advice would be greatly appreciated.

To answer your question about the Limit directive, you don't need it at all, unless you are wanting to restrict some access methods and not others. In this case, it sounds as though you want to block certain Ip addresses from any kind of access, so you should not use the limit directive, even without the list of protocols.

The Order directive determines the order in which allow and deny directives are evaluated, and also determines the default access policy. Putting the Deny first means that the deny directives will be evaluated before (and may then be over-ridden by subsequent) allow directives, and would also allow access by default. Your final example then would allow access from everybody, including the IPs you want to block.

The following code will block access from the listed IPs, while allowing access from all others. (Note the lack of <Limit> and </Limit>)

Order Deny, Allow
Deny from 112.112.0.1
Deny from 216.33.33.2

Notice also that I didn't put an allow directive in there, as access is allowed by default under this configuration, so any host not listed in a Deny directive will be allowed.

You could also reverse the Order Directive, which would deny access by default, so you would want to make sure you allowed access to all IPs not specifically banned, like this...

Order Allow,Deny
Allow from all
Deny from 112.112.0.1
Deny from 216.33.33.2

Thanks!

It doesn't work tho.

I get a 500 error when I try to implement this.

I thought it was just me doing it wrong but now I think this approach must not work on a virtual server or something.

Anyways, much appreciated! :)

Originally posted by Number6
Thanks!

It doesn't work tho.

I get a 500 error when I try to implement this.

I thought it was just me doing it wrong but now I think this approach must not work on a virtual server or something.

Anyways, much appreciated! :)

It may be that your host has dis-allowed the use of .htaccess files for the Order, Deny, and Allow directives, in which case you would need to contact your host to resolve the issue.

Another possibility is that you have a syntax error in your .htaccess file. In either case, if you have access to the server error logs, there should be a message in there about the specific problem causing the Internal Server Error. Virtual hosting is not a limiting factor in and of itself though, except that you depend on your host to have or implement a suitable server configuration which would allow you to implement what you want do do.

Good luck!