{"id":3237,"date":"2025-08-12T10:03:13","date_gmt":"2025-08-12T04:33:13","guid":{"rendered":"https:\/\/www.nettigritty.com\/kb\/?p=3237"},"modified":"2025-08-12T10:03:13","modified_gmt":"2025-08-12T04:33:13","slug":"how-to-block-an-ip-address-or-range-using-htaccess","status":"publish","type":"post","link":"https:\/\/www.nettigritty.com\/kb\/cpanel\/how-to-block-an-ip-address-or-range-using-htaccess\/","title":{"rendered":"How to Block an IP Address or Range Using .htaccess"},"content":{"rendered":"

If you need to block specific IP addresses or ranges from accessing your website, you can do so using rules in the .htaccess<\/code> file. This is especially useful for preventing unwanted visitors, bots, or malicious activity.<\/p>\n

\n

1. Blocking a Single IP (Apache 2.4+)<\/strong><\/h2>\n

To block a specific IP address, add the following lines to your .htaccess<\/code> file:<\/p>\n

<RequireAll>\r\n    Require all granted\r\n    Require not ip 123.45.67.89\r\n<\/RequireAll>\r\n<\/code><\/pre>\n
    \n
  • Replace 123.45.67.89<\/code> with the IP you want to block.<\/li>\n
  • Any request from that IP will receive a 403 Forbidden<\/strong> error.<\/li>\n<\/ul>\n
    \n
    2. Blocking Multiple IPs<\/strong><\/h2>\n
    You can block multiple IP addresses by adding more Require not ip<\/code> lines:<\/p>\n
    <RequireAll>\r\n    Require all granted\r\n    Require not ip 123.45.67.89\r\n    Require not ip 98.76.54.32\r\n    Require not ip 192.168.1\r\n<\/RequireAll>\r\n<\/code><\/pre>\n
      \n
    • The above blocks:\n
        \n
      • 123.45.67.89<\/code><\/li>\n
      • 98.76.54.32<\/code><\/li>\n
      • All IPs starting with 192.168.1<\/code> (entire range)<\/li>\n<\/ul>\n<\/li>\n<\/ul>\n
        \n
        3. Blocking an IP Range Using CIDR Notation<\/strong><\/h2>\n
        If the unwanted traffic comes from a range of IPs, use CIDR notation:<\/p>\n
        <RequireAll>\r\n    Require all granted\r\n    Require not ip 123.45.67.0\/24\r\n<\/RequireAll>\r\n<\/code><\/pre>\n
          \n
        • \/24<\/code> means the first 24 bits<\/strong> are fixed, so this will block all IPs from 123.45.67.0<\/code> to 123.45.67.255<\/code>.<\/li>\n<\/ul>\n
          \n
          4. CIDR Quick Reference Table<\/strong><\/h2>\n\n\n\n\n\n\n\n\n
          CIDR<\/th>\nNumber of IPs Blocked<\/th>\nExample Range<\/th>\n<\/tr>\n<\/thead>\n
          \/8<\/code><\/td>\n16,777,216<\/td>\n123.0.0.0 \u2013 123.255.255.255<\/td>\n<\/tr>\n
          \/16<\/code><\/td>\n65,536<\/td>\n123.45.0.0 \u2013 123.45.255.255<\/td>\n<\/tr>\n
          \/24<\/code><\/td>\n256<\/td>\n123.45.67.0 \u2013 123.45.67.255<\/td>\n<\/tr>\n
          \/32<\/code><\/td>\n1<\/td>\n123.45.67.89 (single IP address)<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n
          \n
          5. Apache 2.2 and Older Syntax<\/strong><\/h2>\n
          If your server uses Apache 2.2 or earlier<\/strong>, use:<\/p>\n
          order allow,deny\r\ndeny from 123.45.67.89\r\ndeny from 123.45.67.0\/24\r\nallow from all\r\n<\/code><\/pre>\n
          \n
          6. Things to Keep in Mind<\/strong><\/h2>\n
            \n
          • Always back up your .htaccess<\/code> before making changes.<\/li>\n
          • Be careful when blocking ranges\u2014you might unintentionally block legitimate users.<\/li>\n
          • After editing .htaccess<\/code>, clear any caching (server or CDN) to apply changes immediately.<\/li>\n
          • If you have access to your hosting control panel or server firewall, IP blocking at the server or firewall level is more efficient than using .htaccess<\/code>.<\/li>\n<\/ul>\n
            \n
            Tip:<\/strong> For frequent attacks, consider using a firewall service like Cloudflare<\/strong> or ModSecurity<\/strong> for better performance and protection.<\/p>\n","protected":false},"excerpt":{"rendered":"
            If you need to block specific IP addresses or ranges from accessing your website, you can do so using rules in the .htaccess file. This is especially useful for preventing unwanted visitors, bots, or malicious activity. 1. Blocking a Single IP (Apache 2.4+) To block a specific IP address, add the following lines to your […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-3237","post","type-post","status-publish","format-standard","hentry","category-cpanel"],"_links":{"self":[{"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/posts\/3237","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/comments?post=3237"}],"version-history":[{"count":1,"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/posts\/3237\/revisions"}],"predecessor-version":[{"id":3238,"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/posts\/3237\/revisions\/3238"}],"wp:attachment":[{"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/media?parent=3237"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/categories?post=3237"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.nettigritty.com\/kb\/wp-json\/wp\/v2\/tags?post=3237"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}