3

I am trying to configure a simple block of an IP address in my .htaccess. I followed examples I found here in this forum that seemed to work fine for other users, but they do not work for me and I really don't get why.

My .htaccess file is very simple:

Order Allow,Deny
Allow from all
Deny from aaa.bbb.ccc.ddd

I expect that the configured IP address (aaa.bbb.ccc.ddd) will be blocked. But unfortunately it is not blocked.

If I set 'Deny from all' in the third line of my .htaccess, all access is blocked as expected.

So it seems the directive is read by Apache, but if I set anything other than 'from all', i.e. a host name or an IP or an IP wildcard etc., no blocking happens.

I appreciate any help pointing me in the right direction.

Thanks Nestor

user3516800
  • Could you provide your Apache configuration for the concerned site, along with the complete `.htaccess` file (in case it isn't already in your question) ? – John WH Smith Apr 10 '14 at 20:15

5 Answers

4

Probably a red herring, but I presume you have the tags around your .htaccess block? E.g.:

<Limit GET POST>
  order allow,deny
  allow from all
  deny from 100.101.102.103
</Limit>

This is how I use it on one of my sites.

Almetraet
2

After some searching, I found that because all clients are first allowed and then denied, the .htaccess does not work correctly. I reversed deny and allow in .htaccess, but finally solved it this way:

Order Allow,Deny
Deny from aaa.bbb.ccc.ddd

The IP above gets a 403 Forbidden and others are allowed to browse. (No Directory tag is needed if the .htaccess is in the current directory.)

Hope this is helpful.

Behnam Alavi
1

Are you sure that the IP address you are including is the IP address that Apache is seeing? If the server is behind a load balancer, it will see the load balancer address.

To overcome this, you need to examine the X-Forwarded-For header:

        SetEnvIf X-Forwarded-For ^aaa\.bbb\.ccc\.ddd proxy_env
        Order allow,deny
        Satisfy Any
        deny from env=proxy_env

You can obviously check what IP address is being seen by looking at your logs.

Garreth McDaid
1

I came across a similar issue recently; this was all about IPv4 and IPv6. Have a look at your server's access logs, and check how your IP address is logged. You might actually be blocking an IPv4 address, while reaching your web server with your IPv6 address (which is not blocked).

If you don't have access to these logs, just try to block your IPv6 the same way you're trying to block your IPv4. You can find your IPv6 here : http://whatismyv6.com/

Order Allow,Deny
Allow From All
Deny From [Your-IPv4]
Deny From [Your-IPv6]

John WH Smith
0

I had the same issue, then found that the .htaccess file had mixed new-line characters (CR and some CRLF). I deleted the file and created it again with the proper carriage returns.
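
The documented `Order`/`Allow`/`Deny` evaluation that the question's rules and the IPv4/IPv6 answer depend on, as an added example that is not code from any post in this thread. The addresses are constructed documentation values, and `parse_rules`, `matches` and `is_allowed` are hypothetical helper names; host names, partial IPs and `env=` arguments are not modelled.

```python
import ipaddress

# Constructed sample: the question's rules with documentation addresses filled in.
HTACCESS = """Order Allow,Deny
Allow from all
Deny from 203.0.113.7
"""

def parse_rules(text):
    """Collect Order/Allow/Deny (mod_access_compat syntax) from .htaccess text."""
    order, allow, deny = "deny,allow", [], []  # Apache's default is Order Deny,Allow
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue
        key = words[0].lower()
        if key == "order":
            if len(words) != 2:  # "Order Allow, Deny" (with a space) is rejected
                raise ValueError(f"malformed Order line: {raw!r}")
            order = words[1].lower()
        elif key in ("allow", "deny") and len(words) > 2 and words[1].lower() == "from":
            (allow if key == "allow" else deny).extend(words[2:])
    return order, allow, deny

def matches(client, specs):
    """True if the client address falls under any 'from' argument."""
    ip = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        try:
            net = ipaddress.ip_network(spec, strict=False)
        except ValueError:
            continue  # host names, partial IPs and env= are outside this sketch
        if ip.version == net.version and ip in net:
            return True
    return False

def is_allowed(client, text):
    """Apply the Order semantics to one client address as the server logs it."""
    order, allow, deny = parse_rules(text)
    allowed, denied = matches(client, allow), matches(client, deny)
    if order == "allow,deny":
        return allowed and not denied  # needs an Allow match and no Deny match
    if order == "deny,allow":
        return allowed or not denied   # an Allow match overrides a Deny match
    raise ValueError(f"unsupported Order value: {order!r}")

if __name__ == "__main__":
    for addr in ("203.0.113.7", "198.51.100.9", "2001:db8::7"):
        print(addr, "allowed" if is_allowed(addr, HTACCESS) else "403")
```

Run against the address exactly as it appears in the access log: a visitor whose IPv4 address is denied still gets through when the log shows an IPv6 address for them.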