x Toggle Content
Toggle Content    Register or Login  -  September 22, 2017, 4:30 pm  
Toggle Content Commercial Themes
This is an opportunity for you to preview TCD commercial themes. All themes seen here can be purchased from the store.
Toggle Content User Info

Welcome Anonymous

Toggle Content Navigation
Toggle Content Project Status
News » Denying IP Ranges with htaccess
Treasure Coast Designs & Web Hosting
If you are looking to create your own website here are the 3 things you need and in this order:

1. Domain Name - $10 to $20 (preferably with an ICANN accredited registrar)
2. Web Hosting - Between $50 and $1,000 annually. Generally $100-$200 for most people.
3. Web Design - Between $100 and $10,000 annually. Generally $300-$500 for most people.

Please make sure you have a domain name registered with an ICANN accredited domain name registrar. Network Solutions or GoDaddy are good choices. Avoid web hosting or web design companies that want to register your domain name for you. Many stories can be found online about good people losing their domain names because of 3rd-rate web hosts trying to pass themselves off as registrars. Take control of your own domain name from the start and go with a reputable registrar, you'll save yourself a lot of time and energy in the long run.

Here is a current list of ICANN accredited registrars.

Design Packages
HTML Website $300 PHP Website - $500 USD
• 3 pages designed by templating
• header graphic with company/personal logo
• footer graphic with TCD small footprint logo
• search engine friendly meta keywords
• designed with xhtml and css compliance
• time based maintenance fee for requested updates
• 5 pages designed by templating
• universal header graphic with company/personal logo
(faster pages)
• universal footer graphic with TCD small footprint logo
(faster pages)
• search engine friendly meta keywords
• designed with xhtml and css compliance
• time based maintenance fee for requested updates
Open-Source CMS Package - $700 USD Open-Source E-Commerce Package - $1000 USD
• DragonflyCMS, Joomla, PHP-Nuke, Mambo, or Wordpress
• Installation, Setup, Customization
• customized universal template
• web interface for content administration
• administrative training
• content creation training
• template design with xhtml and css compliance
• task based maintenance fee
• Zen-Cart Solution
• Installation, Setup, Customization
• up to 10 products upon initial setup
• web interface for product administration
• administrative training
• content creation training
• designed with xhtml and css compliance
• task based maintenance fee


If you have any questions or would like a customized package quote please Contact Us
Tutorial When it comes to preventing unwanted visitors such as email harvesters, forum spammers, and otherwise generally bad bots; admins have been using the .htaccess file with a ruleset of deny from ip. That's fine for a case by case basis but say you want to deny an entire ip range for whatever reason you want.

That's where CIDR Notation comes into play. CIDR stands for Classless Inter-Domain Routing. It is a method of categorizing and allocating IP addresses for efficiently routing IP packets on the Internet.

Basically it's an amendment tacked onto an ip address. After DNS was created they knew the standard IPv4 range was not scalable enough. CIDR is an attempt to provide additional efficiency of packet routing to IP addresses within the same geographic area. The whole system was designed to be a temporary measure until a better solution (IPv6) could be implemented. Because CIDR has proven it's usefulness as an additional method for packet routing it is being worked on for IPv6 as well.

CIDR is not a perfect way to specify a range for IP deny but it can make the life of an admin much easier. Now we will go over some real world examples and how to save your htaccess file from getting bogged down with hundreds of IP Deny lines.

Here is an example of an IP Deny within .htaccess which bans a range of IP's from DotBot.

deny from 208.115.111.240
deny from 208.115.111.241
deny from 208.115.111.242
deny from 208.115.111.243
deny from 208.115.111.244
deny from 208.115.111.245
deny from 208.115.111.246
deny from 208.115.111.247
deny from 208.115.111.248
deny from 208.115.111.249
deny from 208.115.111.250
deny from 208.115.111.251
deny from 208.115.111.252
deny from 208.115.111.253
deny from 208.115.111.254
deny from 208.115.111.255

As you can see there are quite a few IP's that DotBot has at it's disposal. Now go over to Mikero.com's CIDR IP Calculator and plug in the IP ranges. It will spit out a very nicely formatted CIDR range to deny.

deny from 208.115.111.240/28

By the way, if you use Whois on some domains such as dotnetdotcom.org (DotBot's home), sometimes the registration details will display a CIDR address for you. That can make your life easier if they become a nuisence but in most cases using Whois on every IP is more work than it's worth. Most admins just stick with using ARIN for quick and painless IPv4 probing of visitors indexing their site.

That's it. All those deny lines are gone thanks to CIDR addressing. As mentioned earlier CIDR is not perfect. There are instances where you can't specify the exact range you want. The Mikero CIDR calculator will automatically show you the next largest range which includes the range you want. Sometimes, that can include a couple hundrend million more IP addresses than you want so it's definitely not a good idea to use it for that purpose. There is always a way around it though as I'll detail.

Let's say you want to ban ranges 85.0.0.0 to 89.255.255.255. If you are looking for an IP deny solution then you are probably familiar with using
deny from 85
deny from 86
deny from 87
deny from 88
deny from 89

In this instance CIDR is actually no good. What you have been doing is the easiest method. CIDR will output the following if you try to ban by that range.

Resulting network range (in CIDR notation): 80.0.0.0/4
I had to expand your range by 184549376 addresses, or 220%.

As you can see, CIDR couldn't calculate the exact range and had to expand out to the next possible range. Doing so included an additional 184549376 addresses. Not good. In this instance it's best to use the simple
deny from 85 method
OR
if you want to write that in CIDR notation it would be
deny from 85.0.0.0/8
deny from 86.0.0.0/8
deny from 87.0.0.0/8
deny from 88.0.0.0/8
deny from 89.0.0.0/8

Whenever you want an entire range from the first octect the CIDR notation is always /8:
192.0.0.0 to 192.255.255.255 = 192.0.0.0/8
65.0.0.0 to 65.255.255.255 = 65.0.0.0/8
and so on.


I don't pretend to understand CIDR Notation or calculations yet. What I have found is a very easy way to shorten .htaccess rules with the use of CIDR. Thanks to the excellent calculator by Mikero.com for providing an easy way for admins to learn more about CIDR.



Posted by Devon on Saturday, March 14, 2009 (02:44:45) (4538 reads)

"Denying IP Ranges with htaccess" | Login/Create an Account | 1 comment
Threshold
The comments are owned by the poster. We aren't responsible for their content.

Re: Denying IP Ranges with htaccess (Score: 1 )
by Carlos on Monday, August 03, 2009 (18:54:18)
For WHOIS lookup I recommend http://www.whois-server.net/ , for example - http://www.whois-server.net/dotnetdotcom.org

| Parent

Toggle Content Related Links
 More about Tutorial

Most read story about Tutorial:
Denying IP Ranges with htaccess
Toggle Content Article Rating
Average Score: 0
Votes: 0

Please take a second and vote for this article:

Excellent
Very Good
Good
Regular
Bad

Toggle Content Options

RSS-News
RSS-Downloads
RSS-Forums
RSS-KnowledgeBase
Valid CSS!
Valid HTML 4.01!

Site Search | Support | Contact | Payments | Link to Us
All TCD logos and trademarks in this site are property of TreasureCoastDesigns.com
Interactive software released under GNU GPL, Code Credits, Privacy Policy
TCD_Natural © T.C.D.