deny from in .htaccess

How to deny from in .htaccess


NetRange: 47.74.0.0 - 47.87.255.255

CIDR: 47.74.0.0/15, 47.76.0.0/14, 47.80.0.0/13

Google knows.

With a line entry.

# Block all IPs starting with 192.168.1
Deny from 192.168.1


# Block another range, 10.0.0.0 - 10.0.0.255
Deny from 10.0.0


# Allow access from all other IPs
Allow from all


The large range you mention needs to be broken out.

# Deny access to the IP range 47.74.0.0 - 47.87.255.255
Deny from 47.74.0.0/16
Deny from 47.75.0.0/16
Deny from 47.76.0.0/16
Deny from 47.77.0.0/16
Deny from 47.78.0.0/15
Deny from 47.80.0.0/13
Deny from 47.88.0.0/13



Explanation:

• 47.74.0.0/16 covers 47.74.0.0 - 47.74.255.255
  
• 47.75.0.0/16 covers 47.75.0.0 - 47.75.255.255
  
• 47.76.0.0/16 covers 47.76.0.0 - 47.76.255.255
  
• 47.77.0.0/16 covers 47.77.0.0 - 47.77.255.255
  
• 47.78.0.0/15 covers 47.78.0.0 - 47.79.255.255
  
• 47.80.0.0/13 covers 47.80.0.0 - 47.87.255.255

Thanks dbltoe, I appreciate the explanation.

'deny from' is for old Apache 2.2 version. Apache 2.4 uses 'Require'.
Old way still works but mixing it with actual directives will lead you to troubles.

The good thing is that, althogh deprecated in Apache 2.4, the deny/allow entries will still work.

Unless you are confident you are using Apache 2.4, using deny/allolw is safe. Using require before 2.4 will fail.

Quote:

---

Originally Posted by dbltoe

The good thing is that, although deprecated in Apache 2.4, the deny/allow entries will still work.

Unless you are confident you are using Apache 2.4, using deny/allolw is safe. Using require before 2.4 will fail.

---

Seriously?!
Apache 2.4 was released in 2012... 13 years ago!
It is not that safe, I remember a bug in Image Handler 5 where images could not be written in cache folder because of use of 'deny from'. When used together with 'require' on same site, results are unpredictable.
For Apache 2.4 access, a quick and easy Google search gives this:
https://httpd.apache.org/docs/2.4/howto/access.html

If you want to be compatible with Apache 2.2 (when distributing plugins for exemple), you should use some conditinnal test like this:

Code:

---

<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
</IfModule>

---

Quote:

---

Originally Posted by pilou2

Seriously?!
Apache 2.4 was released in 2012... 13 years ago!
It is not that safe, I remember a bug in Image Handler 5 where images could not be written in cache folder because of use of 'deny from'. When used together with 'require' on same site, results are unpredictable.
For Apache 2.4 access, a quick and easy Google search gives this:
https://httpd.apache.org/docs/2.4/howto/access.html

If you want to be compatible with Apache 2.2 (when distributing plugins for exemple), you should use some conditinnal test like this:

Code:

---

<IfModule mod_authz_core.c>
    Require all denied
</IfModule>
<IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
</IfModule>

---

---

I agree that @pilou2's suggestion is the best approach. FWIW, that's how the as-shipped Zen Cart's /includes/.htaccess is coded.

True, it is the better approach, but, not being aware of the OP's settings or hosting, I chose to suggest deny.

Just like the .htaccess has the fallback to deny, I suggested deny as a safety net.

Most hosts who are using Apache 2.4.# are also running mod_access_compat to still allow deny to work.

Thanks for going the extra bit as it will help someone in the future to know all the options.