Click here to watch a video tutorial

Access control is an important part of managing visitor access to your website. Visitors can be restricted from accessing your site by using the IP deny manager in your cPanel or by adding the Allow or Deny code in your .htaccess file.

This is especially useful when robots or malicious visitors from specific countries or domain addresses spam your site or place comments on your site that you do not want. The following sections will explain how to block IP's in your .htaccess file and through the cPanel IP deny manager.

Important! If you are on a VPS or Dedicated server, you can bloack IPs globally server wide. Please click here to learn how.

Access control using your .htaccess

Access control by IP address

The Allow and Deny directives let you allow and deny access based on the IP address or host name of the originating visitors server. The syntax is as follows:

Allows IP 122.102.1.2 access to your website.

Allow from 122.102.1.2

Denys IP 25.122.6.3 access to your website.

Deny from 25.122.6.3

Adding those lines of code will prevent or give access to the user from that IP address.

Using Order to combine Allow and Deny

You can combine a Deny and an Allow directive in one spot using Order. See the following code example.
Order deny,allow
Deny from all
Allow from 203.25.45.2

This allows you to be able to Deny all visitors from accessing and at the same time allowing only certain visitors access.

Access control by Host name

You can block visitors in the .htaccess using the host name of the visitor. The following is the syntax for blocking host names from accessing your site.

Deny from unwanted-domain.com

Important! THIS IS NOT RECOMMENDED. If you use a host name in a Deny rule in the .htaccess, Apache will convert your Apache log into host names instead of IP addresses. This will remove your ability to see the logs with IP addresses. You will want to use the IP address instead of host name; unless, you want to check your site access by host name alone.

Combining deny with the IP and Host

You can combine the IP addresses and the host names together with the same syntax. Also, you can specify just a part of a domain. The following is the syntax for combining the IP and host name.

Deny from 192.168.205
Deny from unwanted-domain.com unwanted-domain-2.com
Deny from domain-part

Access control using the IP Deny Manager

cPanel gives you the ability to block specific IP's from viewing and accessing your website. the following is the steps to add IP addresses to your server to block them from accessing your site.

  1. Login into your cPanel.
  2. Select IP deny manager cPanelNavigate to the Security setion and click IP Deny Manager. The following table explains what formats you can use to block Ips.
    IP formats (taken from cPanel)
    Single IP Address 10.5.3.333 (Only this IP will be blocked)
    Implied Range 10.5.3.3-10.5.3.40 (This blocks a range of IP's that fit the parameters between IP 10.5.3.3 and 10.5.3.40)
    CIDR Format 10.5.3.3/32 (This blocks all IP's in the 10.3.3 range from 10.3.3.00 to 10.3.3.32)
    Implied IP Address 10. Implies 10.*.*.* (blocks all IP's starting with 10.)

  3. Add IP in the Deny Manager cPanelType the IP you want to block.

    Click Add.


  4. List of current IPs addedYou will be directed to a success page.

    Click back.

    Now you will see the IP address in the list of current IP's that are blocked and the IP will not be allowed to access your site.


You can also watch the following video tutorial to learn how to block IP addresses:

Using IP Deny Manager

Did you find this article helpful?

We value your feedback!

Why was this article not helpful? (Check all that apply)
The article is too difficult or too technical to follow.
There is a step or detail missing from the instructions.
The information is incorrect or out-of-date.
It does not resolve the question/problem I have.
How did you find this article?
Please tell us how we can improve this article:
Email Address
Name

new! - Enter your name and email address above and we will post your feedback in the comments on this page!

Like this Article?

Post a Comment

Name:
Email Address:
Phone Number:
Comment:
Submit

Please note: Your name and comment will be displayed, but we will not show your email address.

News / Announcements

WordPress wp-login.php brute force attack
Updated 2014-07-17 06:43 pm EST
Hits: 200883

Related Questions

Here are a few questions related to this article that our customers have asked:
Ooops! It looks like there are no questions about this page.
Would you like to ask a question about this page? If so, click the button below!
Ask a Question

Need more Help?

Search

Ask the Community!

Get help with your questions from our community of like-minded hosting users and InMotion Hosting Staff.

Current Customers

Chat: Click to Chat Now E-mail: support@InMotionHosting.com
Call: 888-321-HOST (4678) Ticket: Submit a Support Ticket

Not a Customer?

Get web hosting from a company that is here to help. Sign up today!