InMotion Hosting Support Center

Unable to block IP Address in .htaccess

Category: Resources

kdawes01
Asked:
2014-12-21 7:06 pm EST

I'm hoping you can help me here...
For various reasons there are a lot of IP addresses I block from my websites here on inMotion. I frequently block IP ranges.

My sites are frequently hit hard by the IP address 72.21.217.64 - generating hordes of 403s - and while I have blocked the range, they still come through. (This goes for many IPs; I'm just mentioning one.)

I've tried blocking their User agent as well to no avail.
RPT-HTTPClient/0.3-3

How can I ban these bozos?


Best answer chosen by User

0

JeffMa
Staff
11,186 Points
2014-12-22 9:28 am EST
Generally, blocking can be done directly in cPanel using the IP Deny Manager which would simply modify your .htaccess file, but it is possible that the ability to do so is being inhibited by other content. To do so, you may simply block the IP manually within your .htaccess file using the following line:

Order Deny,Allow
Deny from 123.123.123.123



Best regards,
JeffMa


Hi Jeff,
Yes, as you say, I could block it via cPanel IP Deny Manager and that it would simply write that to my .htaccess file. (BTW that needs to be used with caution! I've found that it will OVERWRITE what you have manually placed in your .htaccess, not append. You could lose everything you have in there.)

As I mentioned, I have MANY "Deny from 123.123.123.123" entries and they work just fine.

It's SPECIFICALLY 72.21.217.64 (and a few others) that are getting through. This is the IP address reported in the access logs. Perhaps it's spoofed? Proxied? If you look up the IP addresses they frequently show as belonging to Amazon AWS.
Regardless, if I try to ban it with a "deny from", it still appears in my access logs and generates nasty, huge spikes in my cPanel bandwidth chart.

I have also tried to ban the User Agent they use with a "SetEnvIfNoCase User-Agent" for RPT-HTTPClient/0.3-3 and that doesn't seem to work either.

Any ideas?
kdawes01
39 Points
2014-12-24 12:53 pm EST
Hello Kdawes01,

Trying to stop specific IP addresses from affecting your website can be tough, even with the long deny strings in your .htaccess. If you are seeing specific IP addresses that you need to address, you would need to add the address or range of addresses so that it is kept from hitting your site. The only other way to do this would be to block it at the firewall level, but that is not something you will be able to do from a shared server account.

To fix the issue that you're currently seeing, you need to ADD that IP address (or range) into your Deny rules (there are no 72.x deny rules in the .htaccess file currently). This will keep the IP addresses from continually hitting your website and affecting your server resources.

I hope that helps to answer your question! Please let us know if you have any further questions or comments.

Regards,
Arnel C.
Arn
42,973 Points
Staff
2014-12-24 1:30 pm EST
Hi Arn,
While it's true that I don't have a 72.x deny in my root site, I have a number of sites on my account (among other things it gives me the ability to experiment on one site and not another), and I DO have the 72.x deny (actually 72.21.192.0/19 ) on one of them and "they" still get through.

If you Google .htaccess block "amazon aws" you'll find that this is not an uncommon problem...
kdawes01
39 Points
2014-12-24 2:32 pm EST
Hello Kdawes01,

When I looked in the .htaccess file of your primary site, I did not see a rule for that IP address. If you're talking about a different URL, then you need to specify it. If a website request is coming directly to our server, then it will block the request from that IP as per the rule in the .htaccess file - unless there's something else in your rules that counters it. I copied out the .htaccess file (in your primary domain) and searched for anything with "72." and did not see the rule that you stated. This was on the primary domain. If this issue is not related to the primary domain, then please let us know what domain is having the issue.

Regards,
Arnel C.
Arn
42,973 Points
Staff
2014-12-24 2:59 pm EST
Sorry to be so slow to get back to this... I'm still having the problem though.
The site I'm having the problem with is stories-about-love.com
Here are a couple of representative lines from the access log for that url (I've altered the Request path to disguise the actual path to WordPress)

IP Address, Logname, User, Date, Request, Code, Size, Country, Referer, UserAgent
72.21.217.139,-,-,[17/Jul/2015:10:42:35 --0700],"GET /sal/wp-content/uploads/2015/06/image001-191x300-191x300.jpg HTTP/1.1",403,102,United States,-,RPT-HTTPClient/0.3-3
72.21.217.139,-,-,[17/Jul/2015:10:42:45 --0700],"GET /sal/wp-content/uploads/2014/02/BJ-DANIELS-AUTHOR-IMAGE-200x300.jpg HTTP/1.1",403,102,United States,-,RPT-HTTPClient/0.3-3

In the .htaccess for the site I have tried to deny the IP address and I have tried to block the UserAgent. The request is being blocked by a WordPress plugin - which is good. However, I'd like to block the bot/scraper via .htaccess - before it gets to WordPress. Fewer resources used...

Am I correct in assuming that if it is blocked via my .htaccess that I'd not see the bot/scraper in my access log files?
kdawes01
39 Points
2015-07-17 3:58 pm EST

OTHER ANSWERS

0

TJEdens
Staff
10,077 Points
2015-07-21 8:59 am EST
Hello Kdawes01,

Even if it is being blocked it will show up. Let's take this snippet as an example:

72.21.217.139,-,-,[17/Jul/2015:10:42:35 --0700],"GET /sal/wp-content/uploads/2015/06/image001-191x300-191x300.jpg HTTP/1.1",403,102,United States,-,RPT-HTTPClient/0.3-3

So the request came from 72.21.217.139 on 17/Jul/2015:10:42:35 requesting /sal/wp-content/uploads/2015/06/image001-191x300-191x300.jpg using protocol HTTP/1.1 of which the server replied with a 403 error (blocked by configuration). If you wanted to block this IP prior to getting to Apache then you would need to block it in the firewall.

Best Regards,
TJ Edens
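
An added example, not part of the thread and not InMotion's code: a short Python check that reads rows in the log-export layout quoted above and separates requests from the denied range that were answered 403 from any that were served anyway, totalling response bytes for each. The sample rows, their paths and sizes, and the 200 responses are constructed for illustration; only the column order and the 72.21.192.0/19 range come from the thread.

```python
import csv
import ipaddress

# Column order from the header row of the log export quoted in the thread.
FIELDS = ["ip", "logname", "user", "date", "request",
          "code", "size", "country", "referer", "agent"]
# The range the poster says is denied in .htaccess.
DENIED = [ipaddress.ip_network("72.21.192.0/19")]
# Constructed rows in the thread's layout; paths, sizes and the 200 rows are invented.
SAMPLE_LOG = """\
IP Address, Logname, User, Date, Request, Code, Size, Country, Referer, UserAgent
72.21.217.139,-,-,[17/Jul/2015:10:42:35 -0700],"GET /a.jpg HTTP/1.1",403,102,United States,-,RPT-HTTPClient/0.3-3
72.21.217.139,-,-,[17/Jul/2015:10:42:45 -0700],"GET /b.jpg HTTP/1.1",403,102,United States,-,RPT-HTTPClient/0.3-3
72.21.217.64,-,-,[17/Jul/2015:10:43:01 -0700],"GET /other/c.jpg HTTP/1.1",200,48211,United States,-,RPT-HTTPClient/0.3-3
198.51.100.7,-,-,[17/Jul/2015:10:43:09 -0700],"GET / HTTP/1.1",200,5120,United States,-,Mozilla/5.0 (KHTML, like Gecko)
"""

def parse(log_text):
    """Yield one dict per usable row; header and malformed rows are skipped."""
    for row in csv.reader(log_text.splitlines()):
        if len(row) < len(FIELDS):
            continue
        # An unquoted User-Agent may contain commas: rejoin the trailing cells.
        rec = dict(zip(FIELDS, row[:9] + [",".join(row[9:])]))
        try:
            rec["ip"] = ipaddress.ip_address(rec["ip"].strip())
            rec["code"], rec["size"] = int(rec["code"]), int(rec["size"])
        except ValueError:
            continue
        yield rec

def classify(rec, denied=DENIED):
    """blocked = denied range answered 403; leaked = denied range served anyway."""
    if not any(rec["ip"] in net for net in denied):
        return "unlisted"
    return "blocked" if rec["code"] == 403 else "leaked"

def audit(log_text, denied=DENIED):
    """Total hits and response bytes per class."""
    totals = {k: {"hits": 0, "bytes": 0} for k in ("blocked", "leaked", "unlisted")}
    for rec in parse(log_text):
        kind = classify(rec, denied)
        totals[kind]["hits"] += 1
        totals[kind]["bytes"] += rec["size"]
    return totals

if __name__ == "__main__":
    for kind, t in audit(SAMPLE_LOG).items():
        print(f"{kind:9} hits={t['hits']} bytes={t['bytes']}")
```

A 403 row shows that the request was refused, not which layer refused it, so a "blocked" count can come from the .htaccess rule or from an application-level plugin. Rows counted as "leaked" are the ones worth tracing to the directory whose .htaccess served them.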


Unfortunately, since I'm on a shared server, I guess that I won't have access to the firewall.

Does bring up a question I've been meaning to ask... I obviously have an .htaccess file in my site root, i.e. /public_html/.htaccess. There is also an .htaccess in my account root, i.e. /.htaccess

What is most appropriate to have in that file? Does it affect everything downstream from it? i.e. my site in my public_http root? Folders that contain separate domains/urls?
kdawes01
39 Points
2015-07-23 4:20 pm EST
Hello kdawes01,

Thank you for contacting us. On a shared server, you will not have access to the firewall.

Yes, your .htaccess file will affect the child folders, unless there is another .htaccess file in that folder. So, if you want multiple .htaccess files for separate domains, just create a new .htaccess file in that folder.

For additional information, see our full article "What is the .htaccess file and what do I use it for?".

Thank you,
John-Paul
John-Paul
31,633 Points
Staff
2015-07-24 10:30 am EST