htaccess ip range deny paid assistance needed
 

I'm trying to put 350 ip ranges into proper format for htaccess to deny them. I need the specific ranges blocked, nothing more.

range examples...

61.14.41.136 61.14.41.143
61.14.132.32 61.14.132.95
61.14.132.128 61.14.132.255
61.14.133.32 61.14.133.47

htaccess entry...

order allow,deny
deny from I.P/RA.NG.E.1
deny from I.P/RA.NG.E.2
deny from AN.D/SO.ON
allow from all

If you know how, have the time, and are willing to do it for me contact me on ICQ with a quote. I can pay epass, paypal, xoom.

221684077

Thanks

Well, the first thing you would need to do is to find the netblocks that are associated with each one.

The first one consists of 8 addresses, which is a /29

61.14.41.136/29 is that netblock

The second one is not truly on a valid netblock boundary, but, I believe apache will still parse it properly. Since it is 64 IPs,

61.14.132.32/26 would match that netblock

61.14.132.128/25 covers that block.

61.14.133.32/28 covers the last block.

Its all CIDR math. So, the simple conversion is to take the size of the block, i.e. 16 IPs, which is 2**4. 32-4 = 28, which is your CIDR subnet.

So, if you take your list, figure out the number of IPs in the range, and determine the CIDR netmask, you can convert it to the CIDR notation, and append it to the starting IP in the block.

The last block will still be covered except you'll block a couple IP addresses at the end of the block that weren't in your original range :)

A useful tool that I've found: http://ip2cidr.com/ -- it has a bulk conversion tool where you can stick in a list of ranges and it poops out the proper Apache config for either allow or deny :)

In your case it'd be:

deny from 61.14.41.136/29
deny from 61.14.132.32/27
deny from 61.14.132.64/27
deny from 61.14.132.128/25

(as cd34 already pointed out too :D)

cd34, my man, i knew you'd be around for a good tech question like this :)

Ive been looking at that cidr math but my A.D.D. frame of mind was just saying no when I thought about all 350+ ranges I would have to do. I'm sure its simple once you get into it but by the time I did I'd be thinking about fluffy pink bunny rabbits or something.

Madcat, thanks bro! Thats exactly what I was googling for all day yesterday, thats perfect man. That'll be helping me out big time on all the shared servers I don't have root access to.

For my main server I think its time I hired someone to install mod_geoip for me ;)

Thanks again gents!

Doug, you wanting to block certain countries? Just curious :)

why don't use iptables with iprange to block ips?

iptables -I INPUT -m iprange --src-range 61.14.132.0-61.14.132.255 -j DROP