
Ban IPs from text file using htaccess

I read and understand how to block an ip using htaccess:

order deny,allow
deny from 111.222.33.44
deny from 55.66.77.88
...
allow from all

But my list of black IPs includes thousands of IPs. I save all IPs to a blacklist.txt file.

Can I use htaccess to call blacklist.txt and block all IPs which are stored in this file? If so, how?

Miss Phuong asked Oct 22 '12 09:10




1 Answer

You can try using variations of RewriteMap. You'll need access to the server/vhost config because that directive only works there. You can then use the map inside htaccess files.

Say your blacklist.txt file looks like this:

111.222.33.44  deny
55.66.77.88    deny
192.168.0.1    allow

You can define the map like so:

RewriteEngine On
RewriteMap access txt:/path/to/blacklist.txt

Then in your htaccess, you can invoke the map:

RewriteEngine On 
RewriteCond ${access:%{REMOTE_ADDR}} deny [NC]
RewriteRule ^ - [L,F]

The condition invokes the map and checks if the remote address maps to the word "deny", and if so, the rewrite rule outright forbids access.

If your blacklist.txt is only a list of IPs, and you don't want to add a "deny" after each one, you'll need to invoke a program map type and write a script, something like this:

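#!/bin/bash

# Program map: httpd writes one lookup key (the client IP) per line on stdin
# and expects exactly one line of output for each key.
while read -r INPUT
do
    # -F fixed string, -x whole line, -q quiet: exact matches only, so
    # 11.222.33.4 does not match a listed 111.222.33.44 and "." is not a wildcard.
    if grep -Fxq -- "$INPUT" /path/to/blacklist.txt; then
        echo "deny"
    else
        echo "allow"
    fi
done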

This loops indefinitely, reading input and grepping the blacklist.txt file. If the IP is in the file, it outputs "deny"; otherwise it outputs "allow". Then you'd create the map like so:

RewriteEngine On
# prg: takes the path to the executable lookup script above (placeholder name), not the IP list
RewriteMap access prg:/path/to/blacklist.sh

And the rewrite rule to check against the map would be no different.

Jon Lin answered Nov 15 '22 22:11
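For a list of bare IPs, the `IP deny` text map from the first half of the answer can also be generated from the plain list instead of running a program map. This is an added example, not part of the original answer; the function names, file names and sample list are assumptions. A txt map looks the key up as an exact string, so entries that are not a canonical dotted IPv4 address (CIDR ranges, leading zeros) are reported and skipped rather than written as keys that can never match.

```shell
#!/bin/sh
# Added example (not from the original answer); names and paths are placeholders.

# sample_list: constructed input with a duplicate, a CRLF line and bad entries.
sample_list() {
    printf '%s\n' '# constructed sample' '111.222.33.44' \
        '55.66.77.88  # trailing comment' '111.222.33.44' \
        '999.1.1.1' '10.0.0.0/8' '010.1.1.1'
    printf '55.66.77.88\r\n'
}

# build_map LISTFILE: print "ip deny" lines on stdout, rejected lines on stderr.
build_map() {
    awk '
    {
        sub(/\r$/, "")                    # tolerate CRLF line endings
        sub(/#.*/, "")                    # drop comments
        gsub(/^[ \t]+|[ \t]+$/, "")       # trim surrounding whitespace
        if ($0 == "") next
        if (!valid_ipv4($0)) {
            printf "line %d skipped: %s\n", NR, $0 > "/dev/stderr"
            next
        }
        if (!seen[$0]++) print $0, "deny" # each key once
    }
    function valid_ipv4(s,   o, i) {
        if (split(s, o, /\./) != 4) return 0
        for (i = 1; i <= 4; i++)          # no leading zeros, each octet 0..255
            if (o[i] !~ /^(0|[1-9][0-9]?[0-9]?)$/ || o[i] + 0 > 255) return 0
        return 1
    }' "$1"
}

# install_map LISTFILE MAPFILE: build into a temp file in the same directory,
# then rename it into place so httpd never reads a half-written map.
install_map() {
    tmp="$2.tmp.$$"
    build_map "$1" > "$tmp" && mv -f "$tmp" "$2"
}
```

Point `RewriteMap access txt:` at the generated file; httpd caches txt map lookups until the map file's mtime changes, so re-running `install_map` after editing the list is enough to publish the change.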