The cPanel has an IP blocking mechanism to help you secure your site from individuals who you deem suspicious or malicious. This works fine for a single IP or even a handful. It is not advisable however, if you want to block an entire country.

People may want to block a country for different reasons. Some countries are more notorious for having hackers or spammers. Other people want to block a country simply because they do not do business with them. In any case, you can set the code within the htaccss file to block the IP ranges of certain countries. Follow the instructions below to perform this task.

Blocking a country from accessing your site via htaccess

  1. First you will need to collect the data. You want to find a reliable list of IPs for the country you want to block. Doing a search, we find that you can get your deny list generated at IP2Location's free visitor-blocker generator. Using this tool will let you download a text file with the code needed to block a country. In our example, we randomly chose Algeria. The output format we chose is the Apache .htaccess deny. Follow the steps to download your file.
  2. Open your file in the text editor of your choice and highlight and copy the information in the file.
  3. Next, we will need to log into your cPanel to access the htaccess file.
  4. Find the Files category and click on the File Manager icon.
    cpanel
  5. A popup box will appear. For the primary domain, click on the Web Root radio button. For addon domains, click on the dropdown and find your desired addon domain name. Be sure the checkbox next to Show Hidden Files is checked. Click the Go button to enter the File Manager.
    file-manager-show-hidden
  6. You should now be in the root folder of the domain you chose. Look for the .htaccess file and right click on it. This brings up a menu. Find and click on the Edit option. If you get a popup box, simply find and click the Edit button in the lower right corner to continue to the editor.
    file-manager-htaccess
  7. You are now in the htaccess editor. Paste your code into your htaccess so that it forces the visitor to download that type of file.The code should be formatted similar to that below but be much longer. Some countries like China and the US can have thousands of lines in their block code
    <Limit GET HEAD POST>
    order deny,allow
    deny from 81.52.168.0/23
    deny from 188.138.10.163/32
    deny from 188.138.78.129/32
    allow from all
    </Limit>
  8. Be sure to hit the Save Changes button in the upper right corner to save your new htaccess configuration. Now any IP from those ranges are now denied access to your site.

Support Center Login


Social Media Login

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question
n/a Points
2014-03-01 12:17 pm

I am new to this but I think I understand.  I have been entering the IP's one by one into the Domain Deny Manager so when I looked a the htaccess file I could see my list. This has been alot of work.  Should I delete these and start fresh, or just add the list of IP's to this list which I generated to the ones alreay there.

Before I do this the pop up box advises I sould back up my existing file first.  Where should I do this?  Should I make a new file on the left side of the screen called BackUp and put the original in there?

Thanks for the help.

Staff
11,156 Points
2014-03-03 10:43 am
It is always a good idea to back up your files before making any changes. The easiest way to do so would be to copy the file as a different file name such as .htaccess.old.
n/a Points
2015-01-23 4:33 pm

 

I have noticed a couple of sites linking to my website.

 

Semalt crawler and buttons-for-website.com 

 

Should I block these?  I have read that some people say that I should.  If so, I understand I need to add some code to my htaccess file.  Is this true and if so what is the code and where does and were does it need to be placed within the file? 

 

Also I did add a list of IP’s to try and deny the annoying Russian websites from cluttering up my list of external sites shown on the statistics page in my C-panel.  Is there also some code I can add to my htaccess file to stop the .ru sites from showing up in my statistics?  There are always new ones showing up every month.

 

Thanks for your help.

 

 

 

Staff
24,495 Points
2015-01-23 4:49 pm
Hello Ted,

You can block specific referrers by creating a list of them in your htacces file like this:

<Files *>
Order Allow,Deny
Allow from all
Deny from 10.1.3.0/24
Deny from example.com
deny from another-example.com
</Files>


As to blocking all sites of a tld, such as all .ru domains, you would set up a rewrite rule. Of course you would need to send it somewhere, say perhaps Google, so the below code should work for that.
RewriteCond %{HTTP_REFERER} ^https?://[^/]+\.ru/? [NC]
Rewriterule ^(.*)$ https://www.google.com [r=307,NC]



Kindest Regards,
Scott M
n/a Points
2014-05-14 3:48 pm

I would like to block all countries except for the US with IP deny in htaccess. Is this file size going to impact my alotted bandwidth and will it impact the wp load times? The file would be huge.

Another approach - Is it worth considering using IP allow for just the U.S.  and deny all for anyone else, or may there be a down side to this approach? 

Staff
9,968 Points
2014-05-14 4:26 pm
Hello DS, and thanks for your comment.

Adding a very large list of IP addresses to your .htaccess file can cause overhead on your site's loading time, and it's usually advisable to have a narrow blocking ruleset to start off with.

Same thing for denying all traffic and then only allowing US traffic in. For example the US IP ranges downloaded from IP2Location Block Visitors by Country is about 4.4MB in size and is 167,985 line long.

Every time a request comes into your site the .htaccess rules need to be processed. So keep in mind that a normal good visitor could have to sit and wait while the server is checking to make sure they aren't blocked.

In my experience many times you aren't going to get a lot of bad traffic from a wide array of IPs within a country and need to cast such a large net. Your particular site will probably be hit by a few IP ranges here and there but you might be missing out on some legit traffic from a country you wouldn't expect it.

I'd recommend you use AWStats to review website stats for hosts, see which IP ranges are actually sending decent amounts of traffic to your website and then block users from your website using some .htaccess rules. You can even block by User-Agent or referer with just a few lines of code, and I've found this can sometime be more effective than blocking by IP address alone because if someone is attacking you they can just go through an IP address proxy, but attackers sometimes will keep the same User-Agent even while spoofing their IP address.

Please let us know if you were having any issues with current bad traffic on your website and we'd be glad to take a look. Also let us know if you had any further questions at all!

- Jacob
n/a Points
2014-05-14 6:09 pm

How do I track down the user agents of these offending IPs? I could not find that information in the AWstats. I use a plugin that lists IPs receiving 404 after attempting to login to WP. But I am not finding user agent info.

Staff
9,968 Points
2014-05-14 6:58 pm
Hello again DS,

You can use the steps from my guide on how to identify and block bad robots from a website if you are on a VPS or dedicated server.

If you have a shared hosting account, I'd recommend you create a PHP script that can run the commands for you to go through and parse User-Agents from archived raw access logs which is much easier to do then simply accessing your raw access logs and having to download them off the server for manual review.

An example PHP script that would look for all the User-Agent strings from the domain example.com for May, which already had cPanel raw access log archiving enabled would look like this:

userAgents.php

<?php
$user = $_POST['user'];
$pass = $_POST['pass'];

if($user == "admin"
&& $pass == "pass")
{
exec ('zgrep "May/2014" /home/userna5/logs/example.com-May-2014.gz | awk -F\" \'{print $6}\' | sort | uniq -c | sort -n > /home/userna5/userAgents');
echo "<p>Top User-Agents</p>";
echo "<pre>";
include("/home/userna5/userAgents");
echo "</pre>";
}
if(isset($_POST))
{?>

<form method="POST" action="userAgents.php">
User <input type="TEXT" name="user"></input>
Pass <input type="TEXT" name="pass"></input>
<input type="submit" name="submit"></input>
</form>
<?}
?>



Please let us know if you had any other questions at all!

- Jacob
n/a Points
2014-06-03 5:33 pm

hi, what does the number after the slash mean?

for example in this case "32"

deny from 4.0.0.223/32

thx

rob

Staff
22,224 Points
2014-06-03 5:52 pm
Hello Rob,

The 32 is part of what is called CIDR notation(Classless Inter-Domain Routing). This is used to represent a range of IP addresses. This means that the first 32 bits of the IP address given are considered significant for the network routing. Click on the link I've provided for a more in-depth tutorial about CIDR notation.

If you have any further questions, please let us know.

Regards,
Arnel C.
n/a Points
2015-01-12 1:53 am

I want don't to index robots.txt, sitemap.xml and some specific pages of my <a href="http://www.getpnrstatus.co.in/">site</a> Will you tell me, how can I do it through htaccess? Any suggestion will be appreciated; thanks in advance.

Staff
22,224 Points
2015-01-12 11:02 am
Hello Shawn,

Thanks for the question. Preventing search engines from accessing your site is normally done through the robots.txt file. The only example that I found on the internet was this post. I hope this helped to answer your question! Please let us know if you have any further questions or comments.

Regards,
Arnel C.
n/a Points
2015-01-16 4:11 am

Can any one help me to block my website to open it US.

Thanks & Regards

Inayat (http://www.getadmitcard.in/)

Staff
22,224 Points
2015-01-16 12:39 pm
Hello Sannu,

Thanks for the question, but it is unclear what you are asking. In general, a website is accessible from anywhere. However, if you want to limit access, then you would need to add a mechanism that would limit access to the website. This can be done through the .htaccess file and other ways such as a firewall rule. If you want have your website accessible ONLY in the US, then you can block country IP addresses as per the article above allowing only the US. If you're trying to do something different, then please explain your request again, with more detail.

Kindest regards,
Arnel C.
n/a Points
2015-03-13 11:05 am

To be clear, what would the code be to block all countries except the US?

Staff
24,495 Points
2015-03-16 12:10 pm
Hello Paul,

You first want to get the list of IP ranges in the US. There are a LOT. Then you simply add them in the following code:

# ALLOW USER BY IP
<Limit GET POST>
order deny,allow
deny from all
allow from
*list goes here*
</Limit>


This code says to do the DENY rule first, then the ALLOW rules. The deny says deny everyone, then the allow rule gives the exceptions.

Kindest Regards,
Scott M
n/a Points
2015-02-13 6:59 pm

Hello,

I am trying to block certain ip numbers using the .htaccess page.  How do I create the question mark with a line under it?  This symbol is at the end of some of the ip numbers I hope to block.

Thank you.

Staff
14,269 Points
2015-02-13 7:13 pm
Hello Vipo,

Thank you for contacting us. Since .htaccess is coded in Regular expression, there should be a way or symbol available.

We are happy to help, but it is not clear what you are looking for. Can you provide a link to an example, or some additional information.

Thank you,
John-Paul
n/a Points
2015-03-08 9:52 am

I am a bank consultant who needs really tight security on my secure subdomain.  After reading the article above, I modified my htacess file with the following lines.

<Files *>

Order Allow, Deny

Allow from **.**.**.***

Deny from all

</Files>

**.**.**.*** is my public ip address.

When I do that, I get a forbidden error on my address as well.  Any ideas.

Thanks.

Staff
24,495 Points
2015-03-10 8:01 am
Hello Charlie,

The code you have is saying to run allow rules first, then the deny rules. As the deny is Deny all, it supercedes the previous allow rule. Switching the order of them from order allw,deny to order deny,allow should allow you access from your IP. The order of the second and third lines do not matter. Below is the basic format for you.

order deny,allow
deny from all
allow from 111.222.333.444

Kindest Regards,
Scott M

n/a Points
2015-03-23 12:56 pm

I try to understand it but no clue, :( would really appreciate the help, through weekly web analysis reports I noticed that there a lot of chinese visitors on my website where is my artwork, I've heard they do make copies, so even though there might already be some damage, would like to block China from visiting my website any further. Is there a even easier way to this? Would appreciate it a million!

Staff
24,495 Points
2015-03-23 7:21 pm
Hello Amy,

I am not aware of an easier method as of yet. Which step are you having trouble with? Perhaps we can assist you with that.

Kindest Regards,
Scott M
n/a Points
2015-03-24 10:48 am

Hello Scott,

The main issue is that I'm receiving a lot of visitors in China and have been trying to find a way to block this country from seeing my website (as there is a suspicion that they might be there because of my art work). I've looked for a way through google & the only way would be by creating .htaccess file ( never been aware of as programming is something I don't usually use). 

Need help in building the file ( code for blocking all ip's that come from China) & instructions on how to upload it & where in the server with ASCII mode.

Honestly don't have a clue but at the same time no option as right now had to put a temporary index.html on the website to avoid from visitors accessing it.

 

Please help, would deeply appreciate it.

 

Staff
2,274 Points
2015-03-24 1:28 pm
Hello Amy,

You can use the link below which will generate a htaccess file for you.
http://www.ip2location.com/blockvisitorsbycountry.aspx

Best Regards,
TJ Edens

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

24 Questions & Comments

Post a comment

Back to first comment | top

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!