Block unwanted users from your site using .htaccess

How to Block Unwanted Users from your Site

In this article we will provide different ways to block users or bots from accessing your website via .htaccess rules. If you are unable to see .htaccess file from your control panel, please ensure that you have enabled “show hidden files” or any similar options in your control panel.

Shopify

Following are steps to block unwanted users from being able to access your website.

Block by IP address

If you want to block the access for particular IP address or IP range, you can do it using the following code in your .htaccess:

Block a single IP address

If you just need to block a single IP address or different IP addresses, you can do so with this rule:

deny from 111.111.111.111

Block a range of IP addresses

If you want to block entire IP range, you can do it using the following rule:

deny from 111.111.111

This will block the access to 111.111.111.1 – 111.111.111.255 IP range.

You can also block it using CIDR notation as follow:

deny from 111.111.111.0/24

Block bad users based on their User-Agent string

Sometimes your website can be attacked from different IP addresses and it is impossible to block all such users. If there is fixed user-agent in the request, you can block such access using the following rule:

Block a single bad User-Agent

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} Baiduspider [NC]
RewriteRule .* - [F,L]

Block multiple bad User-Agents

RewriteEngine On
RewriteCond %{HTTP_USER_AGENT} ^.(Baiduspider|HTTrack|Yandex).$ [NC]
RewriteRule .* - [F,L]

Block by referer

If you want to block a single bad referrer like example.com you could use this RewriteRule:

RewriteEngine On
RewriteCond %{HTTP_REFERER} example.com [NC]
RewriteRule .* - [F]

Block multiple bad referrers

If you just want to block multiple referrers like example.com and example.net you could use:

RewriteEngine On
RewriteCond %{HTTP_REFERER} example.com [NC,OR]
RewriteCond %{HTTP_REFERER} example.net [NC]
RewriteRule .* - [F]

Please ensure that you do not make any mistake while editing your .htaccess. It is a good practice to take backup before editing it.


Leave a Reply