• Welcome to Web Hosting Community Forum for Webmasters - Web hosting Forum.
 

Recommended Providers


Jetpack
Fully Managed WordPress Hosting
lc_banner_leadgen_3
Fully Managed WordPress Hosting

WordPress Theme

WordPress Hosting Divi WordPress Theme
WPZOOM

Forum Membership

Forum Membership

Block unwanted users from your site using .htaccess

Started by Chris, May 01, 2019, 11:22:49 AM


WordPress Hosting


Chris

My website is being attacked from different IP addresses. It is fake request but I am seeing common user agent. Is there anyway to block such traffic using .htaccess and user agent?

Kailash

Yes, it is possible to block the access based on user-agent. You can refer our following KB:

Block unwanted users from your site using .htaccess

In this KB, refer section "Block bad users based on their User-Agent string" for more details.

Hope this will help you.

- Kailash

techinfo

yes you can block user from .htacces file htaccess which is a file you can access if you're running Apache as your web server By denying an IP address' access in Apache web server's configuration file, the banning process can be executed before your site is fully loaded.

etechsupport

Block Bad Bots with . htaccess

  • FTP to your website and find your . htaccess file in your root directory.
  • Create a page in your root directory called 403. html, the content of the page doesn't matter, our is a text file with just the characters "403"
  • Browse to this page on AskApache that has a sample . ...
  • You can add any bots to the sample . ...
  • Test your .
Technical Support -eTechSupport.net sales@etechsupp

kumkum

#4
The most simple way to prevent from unauthorized access is to add below code in your .htaccess file:
<files ~ "^.*.([Hh][Tt][Aa])">
order allow,deny
deny from all
satisfyall
</files>


If you are using cpanel then you can also add particualr IP address to prevent access from those IP's.
For more details regarding prevent unauthorized access from .htaccess you can check.

Akshay_M

Edit your .htaccess file
To use any of the forms of blocking an unwanted user from your website, you'll need to edit your .htaccess file.

Login to your cPanel.
Under Files, click on File Manager.
cPanel file manager
Click on Settings in the upper-right. Be sure that Show Hidden Files (dotfiles) is checked. Click Save.
cPanel file manager settings
Select the directory for the site you want to edit. Please note that if the site is your primary domain, you will select public_html.
If your site is missing an .htaccess file, click on + File at the top-left and name the file .htaccess. Be sure the listed directory matches the site you are working on and click Create New File.
If your .htaccess file already exists, or you've finished creating one, right-click on the .htaccess file and select Edit.
cpanel editing htaccess
You might have a text editor encoding dialog box pop-up, you can simply click on Edit.
Block by IP address
You might have one particular IP address, or multiple IP addresses that are causing a problem on your website. In this event, you can simply outright block these problematic IP addresses from accessing your site.

Block a single IP address
If you just need to block a single IP address, or multiple IPs not in the same range, you can do so with this rule:

deny from 123.123.123.123

Block a range of IP addresses
To block an IP range, such as 123.123.123.1 – 123.123.123.255, you can leave off the last octet:

deny from 123.123.123

You can also use CIDR (Classless Inter-Domain Routing) notation for blocking IPs:

To block the range 123.123.123.1 – 123.123.123.255, use 123.123.123.0/24

To block the range 123.123.64.1 – 123.123.127.255, use 123.123.123.0/18

deny from 123.123.123.0/24

Block bad users based on their User-Agent string
Some malicious users will send requests from different IP addresses, but still using the same User-Agent for sending all of the requests. In these events you can also block users by their User-Agent strings.

Block a single bad User-Agent
If you just wanted to block one particular User-Agent string, you could use this RewriteRule:

RewriteEngine On RewriteCond %{HTTP_USER_AGENT} Baiduspider [NC] RewriteRule .* - [F,L]

Alternatively, you can also use the BrowserMatchNoCase Apache directive like this:

BrowserMatchNoCase "Baiduspider" bots Order Allow,Deny Allow from ALL Deny from env=bots

Block multiple bad User-Agents
If you wanted to block multiple User-Agent strings at once, you could do it like this:

RewriteEngine On RewriteCond %{HTTP_USER_AGENT} ^.*(Baiduspider|HTTrack|Yandex).*$ [NC] RewriteRule .* - [F,L]

Or you can also use the BrowserMatchNoCase directive like this:

BrowserMatchNoCase "Baiduspider" bots BrowserMatchNoCase "HTTrack" bots BrowserMatchNoCase "Yandex" bots Order Allow,Deny Allow from ALL Deny from env=bots

Block by referer
Block a single bad referer
If you just wanted to block a single bad referer like example.com you could use this RewriteRule:

RewriteEngine On RewriteCond %{HTTP_REFERER} example.com [NC] RewriteRule .* - [F]

Alternatively, you could also use the SetEnvIfNoCase Apache directive like this:

SetEnvIfNoCase Referer "example.com" bad_referer Order Allow,Deny Allow from ALL Deny from env=bad_referer

Block multiple bad referers
If you just wanted to block multiple referers like example.com and example.net you could use:

RewriteEngine On RewriteCond %{HTTP_REFERER} example.com [NC,OR] RewriteCond %{HTTP_REFERER} example.net [NC]RewriteRule .* - [F]

Or you can also use the SetEnvIfNoCase Apache directive like this:

SetEnvIfNoCase Referer "example.com" bad_referer SetEnvIfNoCase Referer "example.net" bad_referer Order Allow,Deny Allow from ALL Deny from env=bad_referer