First of all, this documentation page does a good job explaining things.
The following quote comes from mod_authz_host's documentation
The Order directive, along with the Allow and Deny directives,
controls a three-pass access control system. The first pass processes
either all Allow or all Deny directives, as specified by the Order
directive. The second pass parses the rest of the directives (Deny or
Allow). The third pass applies to all requests which do not match
either of the first two.
Note that all Allow and Deny directives are processed, unlike a
typical firewall, where only the first match is used. The last match
is effective (also unlike a typical firewall). Additionally, the order
in which lines appear in the configuration files is not significant --
all Allow lines are processed as one group, all Deny lines are
considered as another, and the default state is considered by itself.
In other words, if you have Order Allow,Deny, it will first process all Allow directives, then all Deny directives. You can probably figure out that it doesn't matter if you have 1 Allow from all or 100 Allow from all directives. The final result is the same, but with 100 of those directives your server will need more time processing. It will then process all deny directives and overwrite the permission you just gave if needed.
Therefore, you just need one Order Allow,Deny directive and only one Allow from all directive. Whatever script you are using can then just append Deny directives as it sees fit and all will work as expected.
DirectoryIndex index.php
order allow,deny
allow from all
deny from 17.18.19.0
deny from 18.17.19.1
– Clarion Z Jun 28 '14 at 14:39