Restricting Access by IP

Here are some examples.  These directives can go in either the top-level Apache config files or individual .htaccess files.

# Restrict to OSU networks
<RequireAny>
   Require ip 128.146.0.0/16 164.107.0.0/16 140.254.0.0/16
   Require ip 172.16.0.0/12 10.0.0.0/8
   Require ip 2620:0:1a10::/48
   Require ip 3.16.225.230 3.14.116.154 3.12.52.221
</RequireAny>
# Block only bad IP ranges and let everyone else through
Require not ip 1.2.3.4
Require not ip 5.6.7.0/24
# Allow from OSU networks only _except_ for a few specific IPs
<RequireAll>
   <RequireAny>
      Require ip 128.146.0.0/16 164.107.0.0/16 140.254.0.0/16
      Require ip 172.16.0.0/12 10.0.0.0/8
      Require ip 2620:0:1a10::/48
      Require ip 3.16.225.230 3.14.116.154 3.12.52.221
   </RequireAny>
   Require not ip 128.146.1.2
   Require not ip 164.107.3.4
</RequireAll>
# Example using mod_rewrite to block bad IPs instead
RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^1\.2\.3\.4$ [OR]
RewriteCond %{REMOTE_ADDR} ^5\.6\.7\.
RewriteRule .* - [F]

# Or if you'd prefer an error page to a 'forbidden' code then replace last line with
RewriteRule .* http://www.osu.edu/err/404.php [L,NE,R=301]

Notice that for mod_rewrite you’ll need the IPs in regular expression form rather than CIDR, IP/netmask, or other standard ways of denoting IPs. This is because it can only do a string comparison instead of a more intelligent range match.


Need More Information?

Is OSU Web Hosting right for you? Check your eligibility.

More questions? Check the support section or contact us.

Ready to get started? Request hosting now!