You are here: .htaccess blocklists

Block Access to Your Website with a .htaccess Blocklist

Blocklists compiled and maintained by Wizcrafts Computer Services

Wiz Feinberg Wizcrafts has been publishing .htaccess formatted IP blocklists (a.k.a. blacklists), for Apache-based websites, since 2005. They are used by many webmasters to deny access to spammers, scammers, scrapers, harvesters and server exploiters. One of the most famous of these is the Nigerian Blocklist, used by forum administrators to block Nigerian scammers from viewing or replying to ads and auctions, or registering new accounts to scam forum members.

This information applies to people who have websites hosted by web hosting companies, using Linux/Apache based web servers, which are shared with other customers. There may be tens, or hundreds of other websites hosted on one server box and you only have control over your own domains, which are hosted on that server. Maybe you have a forum, or blog, or classified ads section that is overrun with scammers or spammers and want to keep them out. Or, perhaps your website is getting probed for vulnerabilities by other servers under the control of hackers, or your content is being "harvested" or "scraped" by competitors, or by other websites who steal your good content to use as their own. Might be you want to block an entire country from your website, or forum. In order to control who is and isn't allowed to access your web pages you can create or edit a special server file, inserting text "directives" that either allow or deny access to visitors based on their IP address.

Apache web servers use a special access control file named .htaccess, which uses a combination of plain text directives to allow or deny access to files or folders on the website, or in specific directories of that site (e.g. forums, blogs, classified ads). The .htaccess file is also used to create custom redirect rules for files, folders and entire websites that have been moved, deleted, or are temporarily or permanently gone. The proper location for your .htaccess file is in the web root. This is typically a directory named public_html, or web, depending on your web hosting company. However, .htaccess files can also be placed inside sub-directories, where they only control the contents of that directory and it's sub-directories. Since it is common practice to create a sub-domain for a forum, you could place a custom .htaccess file inside the main directory for the forum, and deny access as is necessary with rules in our .htaccess blocklists.

All you require to create or modify a .htaccess file is a text editor that can save as ANSI or ASCII text, like Windows Notepad, Notepad++, NoteTab Pro, or CoffeeCup HTML Editor, plus an FTP program, or your website's (cPanel) File Manager to upload files, and the ability to see (unhide) and edit your .htaccess file, with "mod_authz_host" overrides.

Please note, if your website is hosted on a server that has been, or is going to be upgraded to Apache 2.4 or newer, it must have the new Apache module named "mod_access_compat" installed in order for the directives in my .htaccess blocklists to continue to work. See links below for Apache 2.4+ blocklists

The .htaccess file begins with a period, which makes it appear to have no prefix to Windows users. However, to a Unix based web server any file that begins with a period is considered a hidden system file. If you manage your website by using an FTP Client (program) to upload files it may require you to enter a special code, or check a box that allows hidden server files to be displayed. For example, WS_FTP (a very popular FTP Client) has a place to add the code -al (that is a lowercase L) in the startup configuration of sites that are added to the Site list. This code tells the server to display hidden files like .htaccess. If you are using WS_FTP open the Site Manager, create a website connection, or select an existing one (left click once), click the Edit button to open the Site Options, then click on the Startup link in Site Options. Find the input field named "Remote file mask" and type -al in it, then click OK to save the change. Now, when you log onto the website you will be able to view, edit, upload or download normally hidden files like .htaccess.

If you do not use an FTP Client to upload files, but are using a web-based control panel, it is entirely up to your web host as to whether or not you can create, view, alter, or upload .htaccess files.

Important Notice! Check your own IP address before installing any of our blocklists into your website. Your ISP may be on one of these blocklists, which means you could be denied access to your own website, if the blocklist containing your IP has been installed. Be careful when creating, editing, or pasting codes into a .htaccess file, because if you type an invalid term, directive, or character, or add an unescaped space in a regular expression, you may cause a Server 500 error to occur, locking everybody out of the website, except via FTP access (with login credentials).

Our .htaccess blocklists:

For Apache 2.3 and under
For Apache 2.4 and newer

Last updated: Chinese (BD) blocklist, on April 13, 2024.

My cat, pleading for contributions to help finance my blocklist research If you find these blocklists useful, please Donate to Wizcrafts. Contributions from people like you, who benefit from these blocklists, will enable this work to continue.

(back to top)