How to block an IP address from accessing your website

If you are experiencing repeated attempts to hack your site, or you wish to prevent access to your site for other reasons, you have two methods to choose from. Both allow you to block computers using specific IP addresses, or devices from a range of addresses, from accessing your website.

Block access with the cPanel IP Blocker

Your HostPapa Dashboard is equipped with a feature called the cPanel IP Blocker. Head to My cPanel in your HostPapa Dashboard and head to the Security section.

IP Blocker

IP Blocker provides less flexibility than other methods, but is easier to use. For example, you can block access to your website by IP address, IP address range or domain name, but you cannot target specific files or file types, like you can with the second method we’ll walk through – using .htaccess rules.

IP Blocker

In the Add an IP or Range field, enter the IP address, IP address range or domain for which you wish to block access and click Add.

Deny access from IP addresses through cPanel IP Blocker

You can specify IP addresses in the following formats:

  • Single IP Address: 192.168.0.1
  • Range: 192.168.0.1-192.168.0.40
  • Implied Range: 192.168.0.1-40
  • CIDR Format: 192.168.0.1/32
  • IP Block: 192.

IP Blocker checks the validity of the IP address format as you type. Enter the IP address, or range and click Add.

Blocking an IP address

 

Deny access from specific domains through cPanel IP Blocker

To block traffic linking to your website from a specific domain, enter the domain name in the  Add an IP or Range field.

Blocking a domain

cPanel will reconcile the domain name with its IP address via a lookup. If the IP address cannot be found, you will not be able to block the domain.

Manage blocked IP addresses and domains through cPanel IP Blocker

At the bottom of the IP Blocker page, you’ll see a section called Currently-Blocked IP Addresses. This provides a list of IP addresses that are currently blocked from accessing your server. To lift access restrictions, use the Delete button next to each IP address or range.

Currently blocked IP Addresses

Restrict access to your website using a .htaccess file

.htaccess is a configuration file used by the Apache web server. .htaccess rules override global settings for the directory in which the file is placed. You may find that .htaccess files are created automatically on your server, when you install popular web applications like WordPress, Drupal and Magento. However, if one does not exist, it can be easily created in a text editor and uploaded to your server. You can also create one directly from cPanel’s File Manager.

To get started, log in to your HostPapa Dashboard.

HostPapa Dashboard

In the top navigation menu, select My cPanel.

My cPanel Menu

Now select File Manager.

cPanel

At the top right of the screen, click the Settings button.

File Manager

.htaccess files are hidden from view by default. To expose them, ensure Show Hidden Files (dotfiles) is checked in the Preferences panel, then click Save.

Show Hidden Files option

Navigate to your website root using the left sidebar. Check to see whether a .htaccess file currently exists.

.htaccess file listing

If the .htaccess file exists, highlight it and select Edit from the top menu.

Encoding settings check

Alternatively, you can create a new .htaccess file by selecting + File.

Creating a New File

In the New File panel that opens, enter .htaccess as the file name and select Create New File to open the cPanel text editor. If you are asked to confirm Encoding settings, leave the default option in place and click Edit.

You can now create the rules required to restrict access to your website. These rules can be configured to block all users or certain users (based on their IP address) from accessing website resources. You can also deny access to certain file types, specific files (for example, configuration files) and more.

Deny access to all files and folders through .htaccess

To prevent direct access to all files and folders on your server, create the .htaccess file in the root (top folder) of your server and add the following rule:

deny from all

Deny access to specific file types through .htaccess

If you wish to deny access to certain types of files, you can do so with the following rule. This example blocks access to .php files.

<Files ~ "\.php$">
Order allow,deny
Deny from all
</Files>

Simply change the file extension in the first line of the rule for other file types. For example, this rule blocks access to .inc files:

<Files ~ "\.inc$">
Order allow,deny
Deny from all
</Files>

Deny access to a specific file through .htaccess

Blocking access to a specific file is performed using the following rule:

<Files config.php>
order allow,deny
Deny from all
</Files>

This example targets a config.php file held in the same directory as the .htaccess file. To change the target, replace config.php in the first line with your chosen filename.

Deny access from specific IP addresses through .htaccess

If you wish to block a specific user from accessing your website, you can do so using their IP address or the domain name from which they’re visiting. Use the following htaccess rule (replacing the numbers with the user’s IP address):

deny from 123.456.789.123

To deny access to a block of IP addresses, simply leave off the last octet from the IP address:

123.456.789.

This blocks access to anyone using an IP in the range from 123.456.789.0 to 123.456.789.255.

Deny access from specific domains through .htaccess

Denying access via links from specific domains (e.g. www.problemdomain.com) is also possible through htaccess. The following rule will display a 403 Forbidden error to any user accessing your site from a link hosted on the targeted domain:

SetEnvIfNoCase Referer "problemdomain.com" bad_referer
Order Allow,Deny
Allow from ALL
Deny from env=bad_referer

Change the domain in the first line of the rule to target the domain you wish to block. For a subtler approach, this rule displays a 500 Internal Server Error for anyone linking from the target domain:

RewriteEngine on
RewriteCond %{HTTP_REFERER} example\.com [NC,OR]
RewriteRule .* - [F]

Remove access restrictions through .htaccess

If you wish to remove access restrictions held in your .htaccess file, simply delete the rule from the file in cPanel File Manager’s text editor and save the file.

For further questions, or if you need help, please open a support ticket from your HostPapa Dashboard. Follow this link to learn how.

Was this article helpful?