Block access to all vhosts / shared vhosts command
- Thread starter nservices
- Start date
ikkeben
Verified User
Which Apache version while ip order deny allow is old, so better not for version 2.4.x
Tryouts in htaccess first then read the Apache DOCS/WIKI
Tryouts in htaccess first then read the Apache DOCS/WIKI
"Order Deny,Allow" is wrong for your case with the included clauses. With Deny,Allow you first specify the denied origins (the deny clause) and then the exceptions from that rule (the allowed clause). The IP address which you wish to block matches both clauses. So you first deny the IP and then allow it back.
You must do it the opposite way - Order Allow,Deny, so you define firstly what is allowed (allow from all - everything is allowed) and then add a deny clause which is the exception from that rule (you block the specific IP).
Briefly - your rule must be:
Another option is to use Order Deny,Allow, but skip the allowed part, eg:
That way you specify the denied list with the IP first and then, since there is no allowed clause, there is no exception to that rule so it will work
That will not block other IPs because they won't match in the deny clause.
Most people prefer the first variant - I guess they feel safer when they see "allow from all" explicitly.
You must do it the opposite way - Order Allow,Deny, so you define firstly what is allowed (allow from all - everything is allowed) and then add a deny clause which is the exception from that rule (you block the specific IP).
Briefly - your rule must be:
Code:
Order Allow,Deny
Deny from 1.1.1.1
Allow from allAnother option is to use Order Deny,Allow, but skip the allowed part, eg:
Code:
Order Deny,Allow
Deny from 1.1.1.1That way you specify the denied list with the IP first and then, since there is no allowed clause, there is no exception to that rule so it will work
That will not block other IPs because they won't match in the deny clause.Most people prefer the first variant - I guess they feel safer when they see "allow from all" explicitly.
Last edited: