Tuesday 09 December 2003

.htaccess: Deny by IP

I came back from work yesterday to find a creep running amok all over my weblog and accounting for 17.5% of my total hits for the last 24 hours.

My initial research on the errant bot suggested that there was no point in using robots.txt to exclude it as it appears not to follow the Robots Exclusion Protocol.

My only recourse was to deny it by IP.

But I have never used an .htaccess file before so now was the time to break out the post-it notes I have literally littered all over my desk top as well as in various files on my computer. I managed to find an .htacess deny by ip article I like but it was another 5 hours (I started my research at 2215 hours) and a couple of emails to my Web Host before I manage to ban the creep.

I would like to give my thanks to my Web Host for answering my emails at 0015 hours and for being patient with me.

Anyway, here is the code I ended up writing into my .htaccess file

Order Allow,Deny
Deny from 69.28.130.
Allow from all

It originally did not work and the creep continued unabated because I got the order wrong and typed Order Deny,Allow instead of Order Allow,Deny and had to read it up in the Apache Documentation.

I consulted Sam Spade but couldn't work out the IP range so I ended up blocking 69.28.130.

Someday, I will get around to blocking the specific IPs but my research into my server logs suggest only the creep has used this block to date.