If your server is behind Varnish, you may know that Varnish does not pass a user's IP address in the standard fashion. Because of this, blocking IP addresses using your .htaccess file using normal means does not work.

Blocking with .htaccess

If you're using Varnish, you can use the following snippet of code in your .htaccess file to block IP addresses:

order allow,deny
SetEnvIF X-Forwarded-For "88.198.184.230" DenyIP
Deny from env=DenyIP
allow from all

Blocking with APF

Even though this blocks the IP address and returns a 403 forbidden error, apache will still log the user's request. If your server is under a ddos attack, you can block the user's IP address but your apache log file will still be written to. This constant writing to the log file can raise your server load average and affect your server's stability. If you block the IP address with APF using the following command, the request will not hit apache and you can prevent your apache log files from being filled with 403 errors:

apf -d 88.198.184.230

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!