Greenguy's Board


Go Back   Greenguy's Board > Programming & Scripting
Register FAQ Calendar Today's Posts

Reply
 
Thread Tools Search this Thread Rate Thread Display Modes
Old 2008-10-24, 07:40 PM   #1
Doug E
Kids are great, Appu. You can teach them to hate the things you hate and they practically raise themselves now-a-days, you know, with the internet and all
 
Doug E's Avatar
 
Join Date: Mar 2005
Location: Canadeh
Posts: 197
htaccess ip range deny paid assistance needed

I'm trying to put 350 ip ranges into proper format for htaccess to deny them. I need the specific ranges blocked, nothing more.

range examples...

61.14.41.136 61.14.41.143
61.14.132.32 61.14.132.95
61.14.132.128 61.14.132.255
61.14.133.32 61.14.133.47

htaccess entry...

order allow,deny
deny from I.P/RA.NG.E.1
deny from I.P/RA.NG.E.2
deny from AN.D/SO.ON
allow from all

If you know how, have the time, and are willing to do it for me contact me on ICQ with a quote. I can pay epass, paypal, xoom.

221684077

Thanks
Doug E is offline   Reply With Quote
Old 2008-10-24, 10:09 PM   #2
cd34
a.k.a. Sparky
 
cd34's Avatar
 
Join Date: Sep 2004
Location: West Palm Beach, FL, USA
Posts: 2,396
Quote:
Originally Posted by Doug E View Post
range examples...

61.14.41.136 61.14.41.143
61.14.132.32 61.14.132.95
61.14.132.128 61.14.132.255
61.14.133.32 61.14.133.47
Well, the first thing you would need to do is to find the netblocks that are associated with each one.

The first one consists of 8 addresses, which is a /29

61.14.41.136/29 is that netblock

The second one is not truly on a valid netblock boundary, but, I believe apache will still parse it properly. Since it is 64 IPs,

61.14.132.32/26 would match that netblock

61.14.132.128/25 covers that block.

61.14.133.32/28 covers the last block.

Its all CIDR math. So, the simple conversion is to take the size of the block, i.e. 16 IPs, which is 2**4. 32-4 = 28, which is your CIDR subnet.

So, if you take your list, figure out the number of IPs in the range, and determine the CIDR netmask, you can convert it to the CIDR notation, and append it to the starting IP in the block.
__________________
SnapReplay.com a different way to share photos - iPhone & Android
cd34 is offline   Reply With Quote
Old 2008-10-25, 02:35 AM   #3
MadCat
If something's hard to do, then it's not worth doing
 
MadCat's Avatar
 
Join Date: Sep 2008
Location: Berlin, Germany
Posts: 247
The last block will still be covered except you'll block a couple IP addresses at the end of the block that weren't in your original range

A useful tool that I've found: http://ip2cidr.com/ -- it has a bulk conversion tool where you can stick in a list of ranges and it poops out the proper Apache config for either allow or deny

In your case it'd be:

deny from 61.14.41.136/29
deny from 61.14.132.32/27
deny from 61.14.132.64/27
deny from 61.14.132.128/25

(as cd34 already pointed out too )

Last edited by MadCat; 2008-10-25 at 02:38 AM..
MadCat is offline   Reply With Quote
Old 2008-10-25, 03:05 PM   #4
Doug E
Kids are great, Appu. You can teach them to hate the things you hate and they practically raise themselves now-a-days, you know, with the internet and all
 
Doug E's Avatar
 
Join Date: Mar 2005
Location: Canadeh
Posts: 197
cd34, my man, i knew you'd be around for a good tech question like this

Ive been looking at that cidr math but my A.D.D. frame of mind was just saying no when I thought about all 350+ ranges I would have to do. I'm sure its simple once you get into it but by the time I did I'd be thinking about fluffy pink bunny rabbits or something.

Madcat, thanks bro! Thats exactly what I was googling for all day yesterday, thats perfect man. That'll be helping me out big time on all the shared servers I don't have root access to.

For my main server I think its time I hired someone to install mod_geoip for me

Thanks again gents!
Doug E is offline   Reply With Quote
Old 2008-10-25, 05:08 PM   #5
MadCat
If something's hard to do, then it's not worth doing
 
MadCat's Avatar
 
Join Date: Sep 2008
Location: Berlin, Germany
Posts: 247
Doug, you wanting to block certain countries? Just curious
MadCat is offline   Reply With Quote
Old 2008-11-06, 09:54 PM   #6
xxxman
Aw, Dad, you've done a lot of great things, but you're a very old man, and old people are useless
 
Join Date: Nov 2008
Posts: 22
why don't use iptables with iprange to block ips?

iptables -I INPUT -m iprange --src-range 61.14.132.0-61.14.132.255 -j DROP
xxxman is offline   Reply With Quote
Reply


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump


All times are GMT -4. The time now is 07:25 PM.


Mark Read
Powered by vBulletin® Version 3.8.1
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
© Greenguy Marketing Inc