Deny IP Range (CIDR notation)

Topics: User Forum
Feb 27, 2010 at 3:31 AM

With .htaccess, we can do something like:

deny from 200.12.248.0/21
deny from 201.229.0.0/18

I am wondering if we can do the same with IIRF or are we limited to RegEx format.  If we are limited to RegEx, does anyone know if there is a quick converter to bulk-parse CIDR to RegEx?

Thanks!

Coordinator
Feb 28, 2010 at 3:37 AM

Yes, you have to check the examples

http://cheeso.members.winisp.net/Iirf20Help/html/1ccbf1ec-0984-49d9-9ab0-63eab3ff9c63.htm

There are some examples of blocking requests by IP Address.

Feb 28, 2010 at 4:08 PM

Thank you for your reply.

However, what if I have a list of over 500+ IP ranges in CIDR notation in different size.

To be exact, I wish to block my website from access from Australia using the information found in this website:

http://www.countryipblocks.net/country-blocks/

If IIRF only support blocking by RegEx (and not CIDR), then I will have to convert all 500+ lines of CIDR notations to RegEx, right?

Coordinator
Mar 1, 2010 at 7:08 PM

Yes.  Or, you could also use a RewriteMap, a feature that was added to IIRF in v2.1.   (Check the docs)

One way or the other, the list of banned IPs has to be available.

As far as bulk-parsing, it should be a simple Perl script.  If you don't write perl, try elance.com.  You can contract out mini programming jobs, quickly.