Home

Geeklog: What I Learnt Today / Adam

Block user by IP Apache

> Apache has the ability with the mod_authz_host module to block users to a site by ip and method. So if you wanted to block POST requests from a set or single IP you can do it like this in your .htaccess or httpd.conf

<Limit POST> deny from 188.143.232.27 </Limit> ErrorDocument 403 /forbidden.php
The Error document pushes them off to the 'your forbidden' page that can then display them a message, log the request for later debugging etc.
You can also use partial address and ranges like

deny from 127.0.0.

or

deny from 127.0.0.2/32

If you want to block multiple methods you can list them

<Limit GET POST PUT DELETE >

/ Adam