How to Block IP Address

Last Updated 5/24/2017

The following tutorial explainss how you can block IP addresses from viewing your website in Windows IIS and Linux/Unix Apache. Blocking IP addresses prevents users from seeing your website during construction, limits access to specific users, or to blocks users attempting to connect to your site maliciously.


How to block IP in Windows IIS

To block an IP address from viewing your website, please follow these steps:

1. Login to your server through Terminal Services or Remote Desktop Connection.
2. Click Start, select Programs, and then click Administrative Tools.
    For IIS 5.0 click Internet Services Manager.
    For IIS 6.0 click Internet Information Services.
3. In the left column you will see the Server Name.
    In IIS 5.0, expand the Server Name to find the domain name.
    In IIS 6.0, expand the Server Name and then Web Sites to find the domain name.
4. Right-click on the domain name and select Properties.
5. On the Directory Security Tab under IP Address and Domain Name Restrictions click Edit.
You have two options, you can grant access to all computers and restrict individual IP's or you can deny access to all computers and grant access to specific IP's. By default, all users will be granted access to your site except the IP addresses you specify.
To add an IP address to the restriction list, please follow these steps:
1. Click Add.
2. Select the type:
    Single Computer - add a single IP Address.
    Group of Computers - add a block IP Address using the starting IP address of the block and the appropriate subnet mask.
    Domain Name - add a domain name (this method is not recommended).
3. Click Ok.

How to block IP in Linux/Unix Apache

You can also block (or admit) users based on their incoming IP address:
<IfModule mod_rewrite.c>
    RewriteEngine on
    RewriteMap     block dbm:/www/conf/my.block
    RewriteCond     ${block:%{REMOTE_ADDR}|OK}     !^OK$
    RewriteRule     ^/.*     http://%{REMOTE_ADDR}/     [L]
</IfModule>

You create my.block.db from a file (named blocklist) that looks like this:
xxx.xxx.xxx.xxx block

and piping it to
./db_create my.block.db < blocklist

You can add additional entries on the fly:
echo "xxx.xxx.xxx.xxy block" | ./db_create