Not all traffic reaching your website is legitimate. Malicious bots, unauthorized access attempts, and brute force attacks are common threats that can compromise the security and performance of your server. Blocking unwanted IP addresses is one of the most effective ways to protect your website.
In this article, you will learn two methods to block IP addresses: through cPanel's IP Blocker tool and manually via the .htaccess file.
Benefits of blocking IP addresses
- Protect your website: Prevent attack attempts and keep your site safe from potential threats.
- Reduce unwanted traffic: Block unauthorized access, spam, and malicious traffic, improving the experience for legitimate visitors.
- Improve performance: By reducing unwanted requests, you free up server resources and your site responds faster.
- Save bandwidth: Prevent malicious IPs from consuming your monthly transfer.
Method 1: IP Blocker in cPanel
This is the simplest method and does not require advanced technical knowledge.
Block an IP address
- Log in to your cPanel account.
- Under the Security section, click on IP Blocker.
- In the Add an IP or Range field, enter the IP address you want to block. You can use the following formats:
192.168.1.100 — Single IP
192.168.1.0/24 — Full range (class C, 256 IPs)
192.168.1.0/28 — Specific range (16 IPs)
192.168.1.50-192.168.1.100 — Custom range
- Click the Add button to confirm the block.
- The IP will appear in the list of blocked addresses at the bottom of the page.
Unblock an IP address
- In the same IP Blocker section, locate the Currently-Blocked IP Addresses list.
- Click the Delete button next to the IP address you want to unblock.
- Confirm the action and the IP will be removed from the block list immediately.
Method 2: Manual blocking with .htaccess
This method is useful when you need more control or want to block IPs in specific directories. It works on Apache servers.
Block individual IPs
Add the following lines to the .htaccess file located in the root of your site (public_html):
<RequireAll>
Require all granted
Require not ip 192.168.1.100
Require not ip 10.0.0.50
</RequireAll>
Block an IP range
<RequireAll>
Require all granted
Require not ip 192.168.1.0/24
</RequireAll>
Note: The Require syntax is compatible with Apache 2.4 and later, which is the version used in current cPanel releases. If your server uses an older version of Apache, you will need to use the Deny from syntax.
Legacy syntax (Apache 2.2)
If for some reason your server still uses Apache 2.2, the equivalent syntax is:
Order Allow,Deny
Allow from all
Deny from 192.168.1.100
Deny from 10.0.0.50
How to identify problematic IPs
Before blocking an IP, it is important to confirm that it is actually malicious traffic. You can identify suspicious IPs by reviewing the following resources:
- cPanel Metrics: Under the Metrics section, access Raw Access or Visitors to see the IPs generating the most requests.
- Access logs via SSH: Review the Apache access log with the following command:
cat /home/user/access-logs/yourdomain.com | awk '{print $1}' | sort | uniq -c | sort -rn | head -20
This command will show you the top 20 IP addresses with the most requests to your website.
- External tools: You can check the reputation of a suspicious IP using services like
abuseipdb.com or ipinfo.io.
Recommendations
- Do not block IP addresses without first verifying that the traffic is malicious. You could block legitimate visitors or third-party services such as search engine bots (Googlebot, Bingbot, etc.).
- If you need to block a large range of IPs, use CIDR notation (for example
/24) instead of adding each IP individually. - Periodically review the list of blocked IPs and remove those that no longer pose a threat.
- For advanced protection against DDoS attacks or massive traffic, consider using a service like Cloudflare or Webzi's Web Guardians service.