I'm managing a site and the site is built in Wordpress. It gets ENORMOUS amount of traffic from bots and we want to block all of them except for important bots like Google Yahoo Bing Baidu. We use cloudflare and I want to block them from two layers, Cloudflare firewall and htaccess file. In htaccess file, I know how to block a single IP address and last trailing IPs of a IP range like 123.123.123.0/16
However, I need to block following IPs 69.30.192.0 - 69.30.255.255 93.55.115.64 - 93.55.115.71
How do you set rules of this in htaccess file? Cloudflare seems to follow same rule.
4 Answers
Answers 1
You've almost got it. The /16 notation is actually called CIDR Notation.
The number indicates how many bits to match from left to right. The Wiki page explains it in depth.
Or... you can just take my word for it and use a tool like this one I found: http://www.ipaddressguide.com/cidr#range
You can then use the deny from in your .htaccess just as you would for a single ip with the given values:
Order Allow,Deny Deny from 69.30.192.0/18 Deny from 93.55.115.64/29 Allow from all Answers 2
Not sure how reliable the source is, but this is from clockwatchers
http://www.clockwatchers.com/htaccess_block.html
To Block a single ip address
order allow,deny deny from 127.0.0.1 allow from all This will refuse all GET and POST requests made by IP address 127.0.0.1, an error message is shown instead
To block multiple ip addresses, list them one per line
order allow,deny deny from 127.0.0.1 deny from 127.0.0.2 deny from 127.0.0.3 allow from all To block an entire ip range
deny from 127.0.0 This will refuse access for any user with an address in the 127.0.0.0 to 127.0.0.255 range.
Edit: Just found a similar question here
How to Block an IP address range using the .htaccess file
Looks like out answers are similar too.
Answers 3
The answer from @Nick is good, so on the side of configuring the .htaccess you should go his way.
My answer will be about another issue detected in your question: you are willing to block the IP range 69.30.192.0 - 69.30.255.255, but a quick search on the ARIN database (WHOIS for IP addresses) shows that this range is not belonging to a single person.
In fact, by doing this, you might potentially deny your website to non-bots.
Eg:
69.30.192.0 - 69.30.192.31 belongs to LEAKY****.COM
...
69.30.193.0 - 69.30.193.15 belongs to TA*****, Abdelkader
etc.
Answers 4
I have enjoyed recent success with the legacy GeoIP plugin for apache, nginx, and haproxy. Typically you can segment traffic by incoming geo.
0 comments:
Post a Comment