Welcome to OGeek Q&A Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

0 votes
731 views
in Technique[技术] by (71.8m points)

.htaccess - Ban IPs from text file using htaccess

I read and understand how to block an IP using htaccess:

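# allow,deny evaluates the deny lines last, so the listed IPs stay blocked despite "allow from all"
order allow,deny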
deny from 111.222.33.44
deny from 55.66.77.88
...
allow from all

But my list of black IPs includes thousands of IPs. I save all IPs to a blacklist.txt file.

Can I use htaccess to call blacklist.txt and block all IPs which are stored in this file? If so, how?


1 Reply

0 votes
by (71.8m points)

You can try using variations of RewriteMap. You'll need access to the server/vhost config because that directive only works there. You can then use the map inside htaccess files.

Say your blacklist.txt file looks like this:

111.222.33.44  deny
55.66.77.88    deny
192.168.0.1    allow

You can define the map like so:

RewriteEngine On
RewriteMap access txt:/path/to/blacklist.txt

Then in your htaccess, you can invoke the map:

RewriteEngine On 
RewriteCond ${access:%{REMOTE_ADDR}} deny [NC]
RewriteRule ^ - [L,F]

The condition invokes the map and checks if the remote address maps to the word "deny", and if so, the rewrite rule outright forbids access.

If your blacklist.txt is only a list of IPs, and you don't want to add a "deny" after each one, you'll need to invoke a program map type and write a script, something like this:

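#!/bin/bash

# Apache writes one lookup key (the client IP) per line and expects one answer line back.
while true
do
    # Exit when Apache closes the pipe instead of spinning on an empty read.
    read -r INPUT || exit 0
    # -x = whole line, -F = fixed string: "1.2.3.4" must not match "11.2.3.45",
    # and "." must not act as a regex wildcard. The list must hold one bare IP per line.
    if grep -qxF -- "$INPUT" /path/to/blacklist.txt; then
        echo "deny"
    else
        echo "allow"
    fi
done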

which loops forever, reading input and grepping the blacklist.txt file. If the IP is in the file, it outputs "deny"; otherwise it outputs "allow". Then you'd create the map like so:

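RewriteEngine On
# prg: must point at the executable lookup script above, not at the IP list (script path is a placeholder)
RewriteMap access prg:/path/to/blacklist.sh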

And the rewrite rule to check against the map would be no different.
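
An added example, not part of the original answer: a Python helper that turns a plain one-IP-per-line blacklist.txt into the `IP deny` lines the txt: map above expects, so the faster txt: map can be used without a prg: script. The function name `build_rewrite_map` and the sample addresses are constructed for illustration; it assumes the list is meant to hold exact addresses only.

```python
import ipaddress


def build_rewrite_map(lines):
    """Convert a plain IP list into RewriteMap txt: lines ("<ip> deny").

    Returns (map_lines, rejected). A txt: map is an exact key lookup on
    %{REMOTE_ADDR}, so CIDR ranges and malformed entries are rejected
    rather than written out as keys that would never match.
    """
    seen = set()
    map_lines = []
    rejected = []
    for lineno, raw in enumerate(lines, start=1):
        entry = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not entry:
            continue
        try:
            addr = ipaddress.ip_address(entry)  # ValueError on CIDR or junk
        except ValueError:
            rejected.append((lineno, entry))
            continue
        key = str(addr)                         # canonical text form
        if key in seen:                         # skip duplicates
            continue
        seen.add(key)
        map_lines.append(f"{key} deny")
    return map_lines, rejected


if __name__ == "__main__":
    # Constructed sample input (documentation address ranges), not data from the page.
    sample = [
        "203.0.113.7",
        "198.51.100.23   # scanner",
        "203.0.113.7",          # duplicate
        "198.51.100.0/24",      # CIDR: cannot be an exact-match key
        "not-an-ip",
        "",
    ]
    entries, bad = build_rewrite_map(sample)
    print("\n".join(entries))
    for lineno, entry in bad:
        print(f"# skipped line {lineno}: {entry!r}")
```

Rejected entries are worth reviewing by hand: a range that silently fails to match leaves those addresses unblocked.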

