Deny line - all on one or one line for each?

[bingoldsby]

<Directory /whatever>
order allow,deny
deny 192.168.0.1
allow from all
</Directory>

For the above, can I put more that one ip addrdss on a line, such as - deny from 1.1.1.1, 2.2.2.2 - or do I have to set a new &quot;Deny from&quot; line for each unwanted ip? It doesn't specify at the Apache.org site.

Thanks, Brian

 

[maxit]

I believe its as follows:

deny 1.1.1.1 2.2.2.2
^
Just a space

if you do this:

Deny 1.1.1.1-2.2.2.2

It will deny all Ips from 1.1.1.1 all the way to 2.2.2.2
A comma in the config on this line means something different
Not sure on this but as far as I can remember I think this is correct.


Maxit

 

[ifincham]

Hi,

Yes - its just a space :

deny from 192.168.0.1 192.168.0.2 192.168.0.3

Also, you can use masks/CIDR notation like this :

deny from 192.168.0.0/255.255.255.0

or

deny from 192.168.0.0/24

or even

deny from 192.168.0

(the last three examples mean exactly the same thing)

See -->

http://httpd.apache.org/docs/mod/mod_access.html

Regards

 

[bingoldsby]

Hello again,

I have set 5 individual addresses on one line seperated by spaces. And I want to add another this morning after looking at the log. Shall I keep going or is it permissable to start a new line &quot;Deny from?&quot; Where will this all end and if all the hacking isn't getting anyone any results is it even necessary to try to block them in this manner. I don't want the system to have to analyze a hundred ip numbers before it can start serving pages for a legitimate request.

Brian