How to block specific IP addresses from accessing my site on Cloud Sites?
On Cloud Sites, due to our unique hosting environment, we require a slight addition to the code used for the Allow/Deny feature. Basically the issue is that the requesting IP coming into a server is the IP of our load balancing server instead of the visitor's. This means limiting access on an IP level through .htaccess becomes problematic. The answer is that we provide an environment variable called X-Cluster-Client-Ip which has the visitor's ip.
In the .htaccess file containing your rules, place the following into your file:
Allowing only a certain IP/IP Addresses:
order deny,allow deny from all allow from env=allowclient SetEnvIf X-Cluster-Client-Ip 000.000.000.000 allowclient
Allowing only a certain IP/IP Addresses when your site is using SSL:
order deny,allow deny from all allow from env=allowclient SetEnvIf X-FORWARDED-FOR ^000.000.000.000$ allowclient
Replace 000.000.000.000 with your IP address. This will only allow your IP address to access your site, and is a great way to develop your site without restrictions.
You can repeat line 1 to allow multiple IPs.
Denying an IP/Multiple IP addresses:
Order Allow,Deny Deny from env=DenyAccess Allow from all SetEnvIf X-Cluster-Client-Ip "^000\.000\.000\.000" DenyAccess
Denying an IP/Multiple IP addresses when your site is using SSL:
Order Allow,Deny Deny from env=DenyAccess Allow from all SetEnvIf X-FORWARDED-FOR "^000\.000\.000\.000" DenyAccess
Replace 000\.000\.000\.000 with the IP address you want to deny. This will deny the IP address specified/multiple IP addresses (If you use multiple lines, as specified below).
You can repeat line 1 to deny multiple IP addresses.
Important note: Implementing this code may prevent images from loading on your cloud site. To address this you can add the following code do your .htaccess file:
<FilesMatch "\.(gif|jpe?p|png)$"> order deny,allow allow from env=allowclient </FilesMatch>
© 2014 Rackspace US, Inc.
Except where otherwise noted, content on this site is licensed under a Creative Commons Attribution-NonCommercial-NoDerivs 3.0 Unported License
See license specifics and DISCLAIMER