Restrict access with .htaccess and the IP Deny Manager
Access control is an important part of managing visitor access to your website. Visitors can be restricted from accessing your site by using the IP deny manager in your cPanel or by adding the
Deny code in your .htaccess file.
This is especially useful when robots or malicious visitors from specific countries or domain addresses spam your site or place comments on your site that you do not want. The following sections will explain how to block IP's in your .htaccess file and through the cPanel IP deny manager.
Important! If you are on a VPS or Dedicated server, you can bloack IPs globally server wide. Please click here to learn how.
Access control using your .htaccess
Access control by IP address
Deny directives let you allow and deny access based on the IP address or host name of the originating visitors server. The syntax is as follows:
Allows IP 184.108.40.206 access to your website.
Allow from 220.127.116.11
Denys IP 18.104.22.168 access to your website.
Deny from 22.214.171.124
Adding those lines of code will prevent or give access to the user from that IP address.
Order to combine
Allowdirective in one spot using
Order. See the following code example.
Order deny,allow Deny from all Allow from 126.96.36.199
This allows you to be able to Deny all visitors from accessing and at the same time allowing only certain visitors access.
Access control by Host name
You can block visitors in the .htaccess using the host name of the visitor. The following is the syntax for blocking host names from accessing your site.
Deny from unwanted-domain.com
Important! THIS IS NOT RECOMMENDED. If you use a host name in a
Deny rule in the .htaccess, Apache will convert your Apache log into host names instead of IP addresses. This will remove your ability to see the logs with IP addresses. You will want to use the IP address instead of host name; unless, you want to check your site access by host name alone.
deny with the IP and Host
You can combine the IP addresses and the host names together with the same syntax. Also, you can specify just a part of a domain. The following is the syntax for combining the IP and host name.
Deny from 192.168.205 Deny from unwanted-domain.com unwanted-domain-2.com Deny from domain-part
Access control using the IP Deny Manager
cPanel gives you the ability to block specific IP's from viewing and accessing your website. the following is the steps to add IP addresses to your server to block them from accessing your site.
- Login into your cPanel.
- Navigate to the Security section and click the IP Blocker icon. The following table explains what formats you can use to block Ips.
IP formats (taken from cPanel) Single IP Address 10.5.3.333 (Only this IP will be blocked) Implied Range 10.5.3.3-10.5.3.40 (This blocks a range of IP's that fit the parameters between IP 10.5.3.3 and 10.5.3.40) CIDR Format 10.5.3.3/32 (This blocks all IP's in the 10.3.3 range from 10.3.3.00 to 10.3.3.32) Implied IP Address 10. Implies 10.*.*.* (blocks all IP's starting with 10.)
- Enter the IP you want to block.
- Click the Add button.
- You will be directed to a success page.
Click Go Back.
Support Center Login
Social Media Login
2015-11-07 11:18 am
What about blocking an IP V6 address?I see where blocking a domain name is possible but, doesn't that require yet another DNS request to complete the blocking action?
2015-11-09 7:32 pm
Currently our servers do not accept IPV6 addresses, so there is no current need to block them.
2016-08-01 1:00 am
Does using Access control using the IP Deny Manager slow down my web site? I want to block certain countries like Russia and China and would like to block in ranges because the list is too long for htaccess and I am afraid it will make things very slow.
2016-08-01 4:21 pm
Yes, anytime you add a large chunk of code it will slow things down a bit. You will want to test it to see how much, however.
2016-11-11 3:57 pm
What is the difference between blocking an IP via the Deny Manager versus via .htaccess?
2016-11-11 4:20 pm
Great question, Laleh! The IP Blocker in cPanel actually modifies the .htaccess file. The interface just provides a simpler, more convenient method to block an IP.
2016-12-20 7:00 pm
Your CIDR examples are incorrect.
a /32 indicates a 32 bit mask, with 8 bits per octet, that means you are blocking (masking) just that one address. If you want to block a range using CIDR, for example: /24 will block 10.3.3.0-255, /16 will block 10.3.0.0 to 10.3.255.255. You can adjust down from /32 to block wider and wider ranges. Rememberm you are using a netmask to filter ip addresses. It's not for directly declaring a range of ip's.
Check out this for further explinations: https://en.wikipedia.org/wiki/Classless_Inter-Domain_Routing