6

I'm managing a site and the site is built in Wordpress. It gets ENORMOUS amount of traffic from bots and we want to block all of them except for important bots like Google Yahoo Bing Baidu. We use cloudflare and I want to block them from two layers, Cloudflare firewall and htaccess file. In htaccess file, I know how to block a single IP address and last trailing IPs of a IP range like 123.123.123.0/16

However, I need to block following IPs 69.30.192.0 - 69.30.255.255 93.55.115.64 - 93.55.115.71

How do you set rules of this in htaccess file? Cloudflare seems to follow same rule.

Jason Marsh
  • 380
  • 4
  • 11
  • Careful! [Cloudflare acts as a reverse proxy, so all connections will appear to come from a Cloudflare IP (as far as your server can tell)](https://support.cloudflare.com/hc/en-us/articles/200170706-How-do-I-restore-original-visitor-IP-with-Nginx-). Also, if you're filtering at the Cloudflare firewall level and have your DNS set up correctly, you shouldn't be seeing any direct traffic from those bots, anyway. – elixenide Feb 26 '16 at 05:01

3 Answers3

3

You've almost got it. The /16 notation is actually called CIDR Notation.

The number indicates how many bits to match from left to right. The Wiki page explains it in depth.

Or... you can just take my word for it and use a tool like this one I found: http://www.ipaddressguide.com/cidr#range

You can then use the deny from in your .htaccess just as you would for a single ip with the given values:

Order Allow,Deny
Deny from 69.30.192.0/18
Deny from 93.55.115.64/29
Allow from all
Nick Kuznia
  • 1,698
  • 17
  • 27
2

Not sure how reliable the source is, but this is from clockwatchers

http://www.clockwatchers.com/htaccess_block.html

To Block a single ip address

order allow,deny
deny from 127.0.0.1
allow from all

This will refuse all GET and POST requests made by IP address 127.0.0.1, an error message is shown instead

To block multiple ip addresses, list them one per line

order allow,deny
deny from 127.0.0.1
deny from 127.0.0.2
deny from 127.0.0.3
allow from all

To block an entire ip range

deny from 127.0.0

This will refuse access for any user with an address in the 127.0.0.0 to 127.0.0.255 range.

Edit: Just found a similar question here

How to Block an IP address range using the .htaccess file

Looks like out answers are similar too.

Community
  • 1
  • 1
Richard Hamilton
  • 25,478
  • 10
  • 60
  • 87
1

The answer from @Nick is good, so on the side of configuring the .htaccess you should go his way.

My answer will be about another issue detected in your question: you are willing to block the IP range 69.30.192.0 - 69.30.255.255, but a quick search on the ARIN database (WHOIS for IP addresses) shows that this range is not belonging to a single person.

In fact, by doing this, you might potentially deny your website to non-bots.

Eg:

69.30.192.0 - 69.30.192.31 belongs to LEAKY****.COM

...

69.30.193.0 - 69.30.193.15 belongs to TA*****, Abdelkader

etc.

Fabien
  • 4,862
  • 2
  • 19
  • 33