So I'm trying to use .htaccess to ban a large list (50,000) of suspicious spam IP addresses that I got from this site.
The list is almost 1 MB in size when I add the "deny from" directive for each address in the list... but when I apply the loaded .htaccess file to the server, it barfs and no pages load (403 error).
My questions:
- Is there a limit to the size of a .htaccess file?
- Is there a limit to the number of "deny from" IP addresses that can be contained in the file?
- Is there a better way to do what I'm trying to do at the server level? (I understand I could check the list in the web app during submit, but I'm trying to learn stuff.)
Best Answer
There is no limit on the size of a .htaccess file other than the OS file size limits (usually 2 GB or more). However, there are major performance implications involved in using .htaccess files because of the way that Apache processes them recursively (traversing the directory tree up) on every page load. In fact, Apache recommends against using .htaccess unless absolutely necessary, e.g. when you have no access to the higher-level config.
The standard way to handle IP blocking is with iptables, the built-in Linux firewall. You can use other applications to help manage iptables, such as Fail2ban. See this blog post for a way to do this with Fail2ban on a permanent basis. You can also block them by adding a route:

route add -host 192.168.0.123 reject

Remember that you can use entire classes of IP addresses with all of these, so that rather than listing 192.168.0.1, 192.168.0.2, ... 192.168.0.254 you can specify the network: 192.168.0.0/24.

Whatever method you use, remember to be very careful not to block yourself, especially from services such as SSH.
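An added example for the answer above (it is not code from the question, the answer, or any named project): a small Python script that takes the raw list, validates every line, carves your own management addresses out of it, merges overlapping entries into CIDR ranges as the answer suggests, and emits the input for ipset plus the single iptables rule that references the set. A hash:net ipset is how you block tens of thousands of networks with one firewall rule instead of 50,000 rules or 50,000 routes. The set name spam_blocklist, the ALLOWLIST values and the embedded sample list are assumptions made here; only the Python standard library is used.

```python
"""Turn a large IP blocklist into ipset/iptables input without locking yourself out.

Added example; assumptions: one IPv4 address or CIDR per line ('#' comments and
blank lines ignored), arbitrary set name, output applied by hand as root.
"""
import ipaddress
from typing import List, Tuple

IPv4Net = ipaddress.IPv4Network

# Constructed sample standing in for the 50,000-line download (not real data).
SAMPLE_LIST = """\
# spam sources (constructed sample data)
192.0.2.1
192.0.2.2
192.0.2.3
192.0.2.0/25
198.51.100.0/24
203.0.113.0/24
203.0.113.200
10.0.0.5
not-an-ip
2001:db8::1
"""

# Addresses that must never be blocked (your office/VPN, monitoring hosts).
# Assumed values: replace them with your real management IPs before applying.
ALLOWLIST = ["10.0.0.0/8", "198.51.100.77"]


def parse_blocklist(text: str) -> Tuple[List[IPv4Net], List[Tuple[int, str, str]]]:
    """Parse one IPv4 address or CIDR per line; return (networks, rejected lines).

    Bad lines are reported, not silently dropped: one malformed entry is exactly
    what makes a huge file fail to load as a whole.
    """
    nets, rejected = [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError as exc:
            rejected.append((lineno, raw, str(exc)))
            continue
        if net.version != 4:
            rejected.append((lineno, raw, "not IPv4; needs a separate 'family inet6' set"))
            continue
        nets.append(net)
    return nets, rejected


def exclude_allowlisted(nets: List[IPv4Net], allowlist: List[str]) -> List[IPv4Net]:
    """Carve allowlisted hosts/networks out of the blocklist.

    A block that wholly contains an allowlisted address is split around it with
    address_exclude(), so the rest of that block is still denied.
    """
    allowed = [ipaddress.ip_network(a, strict=False) for a in allowlist]
    allowed = [a for a in allowed if a.version == 4]
    result = []
    for net in nets:
        pieces = [net]
        for a in allowed:
            kept = []
            for p in pieces:
                if p.subnet_of(a):        # fully covered by the allowlist: drop it
                    continue
                if a.subnet_of(p):        # allowlist sits inside the block: split around it
                    kept.extend(p.address_exclude(a))
                else:
                    kept.append(p)
            pieces = kept
        result.extend(pieces)
    return result


def build_blocklist(text: str, allowlist: List[str]) -> List[IPv4Net]:
    """Parse, protect the allowlist, then merge adjacent/overlapping ranges."""
    nets, _ = parse_blocklist(text)
    nets = exclude_allowlisted(nets, allowlist)
    # 192.0.2.1-3 vanish into 192.0.2.0/25; 203.0.113.200 into 203.0.113.0/24
    return list(ipaddress.collapse_addresses(nets))


def is_blocked(ip: str, nets: List[IPv4Net]) -> bool:
    """Would this address match the resulting set?"""
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)


def render_ipset_restore(nets: List[IPv4Net], set_name: str) -> str:
    """Emit input for `ipset restore`: one create line, then one add per network."""
    hashsize = 1 << max(10, len(nets).bit_length())   # power of two, at least 1024
    maxelem = max(65536, 2 * len(nets))
    lines = [f"create {set_name} hash:net family inet hashsize {hashsize} maxelem {maxelem}"]
    lines += [f"add {set_name} {n.with_prefixlen}" for n in nets]
    return "\n".join(lines) + "\n"


def render_iptables(set_name: str) -> str:
    """One rule for the whole set, limited to the web ports so SSH is never affected."""
    return (f"iptables -I INPUT 1 -p tcp -m multiport --dports 80,443 "
            f"-m set --match-set {set_name} src -j DROP\n")


if __name__ == "__main__":
    nets, rejected = parse_blocklist(SAMPLE_LIST)
    for lineno, raw, why in rejected:
        print(f"# skipped line {lineno} ({raw!r}): {why}")
    final = build_blocklist(SAMPLE_LIST, ALLOWLIST)
    print(f"# {len(nets)} entries in, {len(final)} networks out")
    print(render_ipset_restore(final, "spam_blocklist"), end="")
    print(render_iptables("spam_blocklist"), end="")
```

Redirect the ipset part of the output to a file and load it with ipset -exist restore < blocklist.ipset (as root), then run the printed iptables line; both ipset and iptables rules are lost on reboot unless you persist them with ipset save / iptables-save and your distribution's restore hooks. Rerunning the script with an updated list and restoring again replaces the contents in one step, which is far cheaper than Apache re-reading a 1 MB .htaccess on every request.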