scriptygoddess

26 Nov, 2002

IP blocking and custom 404 & 403 with htaccess

Posted by: Jennifer In: How to's

This is old news, but because I've often needed to look for the exact syntax, I'm putting it up here.

To block an IP from your website, create a (text) file (if you don't already have one on your server) and name it ".htaccess". Put the following in that text file:

<Limit GET>
order allow,deny
allow from all
deny from 123.456.789.0
deny from 123.4.5.
</Limit>

replace the "123.456.789.0" with the IP you want to block. (you can have as many "deny from …" lines as you want) the "123.4.5." will block a range of IPs.

If you want to have a custom 403 page (the page that people get when they're blocked) put these lines below what you have above:

ErrorDocument 403 /403.htm

(the 403.htm is the page that you've designed… maybe you want to give them an email address to reach to request access…)

You can also have a custom 404 page (page not found). So add this in there too:

ErrorDocument 404 /404.htm

again, the 404.htm page is one that you've created.

Now upload the .htacess file to your server. Wherever you put it – it will effect the current directory, and all its subdirectories. Also, the FULL file name is .htaccess – no other suffix there…

UPDATED 3/18/04: I recently updated this post because of a problem I had. (Actually it was corrected sometime ago in the comments – but I didn't understand what they were talking about) :) In any case – I also wanted to add this: here's some more information on htaccess

No related posts.

67 Responses to "IP blocking and custom 404 & 403 with htaccess"

1 | Daedalus

December 6th, 2003 at 8:30 pm

Avatar

For people who want only certain people to have access to their site it is easier to use a .htpasswd file.

More info about .htpasswd:
http://www.dansie.net/cgi-bin/faq.pl?htpasswd+protect+directories

Password entry generator:
http://www.euronet.nl/~arnow/htpasswd/

(I haven't tried this myself, but if you search for some docs, you'd have to find out how to set it up properly)
(On a sidenote: I couldn't help noticing you are requesting users to replace characters to their html equivalent themselves, while you can do this quite easily on submit in php: $resultstring=str_replace (text_to_change, string_to_change_to, $initialstring); )

2 | Daedalus

December 21st, 2003 at 6:25 am

Avatar

Yo, check your logs. I've gotten spam through this page.

williamduke01@fsmail.net sending message "MESSAGE FROM WILLIAM"

alt. e-mail provided in spam: williamduke01@netscape.net

message sent: Sun, 21 Dec 2003 11:28:14 -0800

Speaking of htaccess, check your logs and see if you can find him, then ban his ip.

3 | justin

May 5th, 2004 at 1:12 am

Avatar

does it matter if you put the 403 error code or the ip deny code first ? please email me thanks

also say my denied page is http://www.djfarm.com/banned.htm

would i put ErrorDocument 403 /banned.htm

4 | Gary LaPointe

May 5th, 2004 at 1:11 pm

Avatar

I"m trying to do something similar. I thought I saw it here once.
I'm migrating my files from HTML to PHP. But I don't want people's external links to break.
I'm looking for a script to either make my .htaccess 404 error smart enough to redirect them to the same page with a .PHP or if I can index my current site with a redirect for all my current files (this might be what I saw most recently).

5 | Jennifer

May 5th, 2004 at 1:40 pm

Avatar

Gary – actually what you can do is have your site CONTINUE to use the ".html" extension so your links don't change – and then just modify your htaccess file to tell your server to process .html pages AS IF they were php (so you can have php code on your .html page)

the post about how to do that is here

6 | Gary LaPointe

May 5th, 2004 at 1:59 pm

Avatar

Jennifer, I was considering that. It was actually part of my comment but I deleted it. I just wasn't sure if should parse every page on the site (just because I can), although if I rename every page (in this section of my site) it's going to get parsed anyways. Thanks! (I'll see if my provider lets me make that change to my .htaccess file).

7 | Jennifer

May 5th, 2004 at 2:15 pm

Avatar

You could probably do some kind of a "mod rewrite" thing in your htaccess file to, as you suggested, re route requests for "page.html" to "page.php"… but I'm not sure if that's better than my suggestion. As well – I'm not familiar with mod rewrite – more than just copy/paste.

8 | Live in the Delirious Cool

November 27th, 2002 at 12:40 pm

Avatar

Making your site work harder behind the scenes
Scriptygoddess Jennifer has a little tutorial up about using .htaccess files to redirect to custom error pages and block IPs – it's just that easy.

9 | BEACHtechie

December 1st, 2002 at 2:26 pm

Avatar

.htaccess
I've always wanted to do a .htaccess file on my site to prohibit some people from accessing my site, but

10 | Ain't too proud to blog

March 6th, 2003 at 12:47 pm

Avatar

The one that makes me scream, she said
A few site tips and tricks of note…some new, some not… Individual link "click tracker" script Oldie but a goodie…how to prevent your site from being Googled Combined form for MT and Bloglet subscriptions Kristine's wonderful MT Plugin Directory H…

11 | FallenSpirits

March 10th, 2003 at 11:49 am

Avatar

Giv'em Hell.
:bsmile: If you have not already read the information at GeekGrrl or Robyn's sites. You might want to look over what was discovered. After reading through I found out my site was also being stolen and reprinted without the CSS…

12 | Life With Buccho

March 16th, 2003 at 12:36 am

Avatar

You Let Me Violate You…
I was warned. I read the solutions to prevent it. Yet I ignored them. And now I got my

13 | fedupwithidiots

September 22nd, 2004 at 3:09 pm

Avatar

I have read through the postings here and if I hvae missed this I'm sorry….
basically I want to redirect my banned ips to another site as I don't have root access in order to upload the 403.htm file to. When I tried the ip block on my own ip it worked great!!! However it kicks me out to the main test page for the site and not the 403 file I created. I don't want this. Thus how can I redirect to another site? Everytime I tried it, it created an internal server error.

14 | Adam

October 21st, 2004 at 4:29 am

Avatar

I cant make a file .htaccess it is .htaccess.txt I clicked show extensions of know file types, renamed the file .htaccess and it said you must have a file name.
How can I get round this, would it work if I copyed it from a website throught ftp to my tripod site?
If it would please give me a site to use.
Is it posible to do it in geocities?

15 | Adam

October 21st, 2004 at 6:08 am

Avatar

I worked out how to.

My FTP program let me rename the file, and remove the .txt at the end.

16 | Adam

October 21st, 2004 at 6:13 am

Avatar

Tripod will not let me upload it via ftp. Geocities will not allow me to upload it via its file manager
How can I upload it?
Or where can I upload it for free?

17 | Adam

October 21st, 2004 at 7:22 am

Avatar

I worked it out, I used tripod file manger, upload and it worked.

Sorry for wasting some space but at least some people might find this usefull and it is related

Categories

Archives

Featured Sponsors

Genesis Framework for WordPress

Advertise Here

Search


  • Scott: Just moved changed the site URL as WP's installed in a subfolder. Cookie clearance worked for me. Thanks!
  • Stephen Lareau: Hi great blog thanks. Just thought I would add that it helps to put target = like this:1-800-555-1212 and
  • Cord Blomquist: Jennifer, you may want to check out tp2wp.com, a new service my company just launched that converts TypePad and Movable Type export files into WordPre

About


Advertisements

Copyright © 2024 scriptygoddess is proudly powered by WordPress

Fervens - C Theme is created by: Design Disease brought to you by Smashing Magazine