Quick apache .htaccess rules writer in PHP

Sometimes its good to have a quick .htaccess rules writer for your server / host, to block a larger number of IP addresses from accessing stuff on your site, like spam bots, or people (bored kids ?) who try to hack into your site or blog. If you use any kind of statistics plugin on your WordPress blog, or any other stats on other platforms, you can most likely see the IP addresses and the paths these visitors have taken, trying to access your site in an unauthorized way, like trying to exploit a revolution slider vulnerability to show your config.php, or some other plugin.

htaccess rules

So here’s the quickest way to deal with these IP addresses, presuming you are on a Linux box with PHP installed, or on any computer with PHP available in command line (php5-cli package on Debian/Ubuntu/mint/fedora/q4os , basically, on most modern linux systems, and xampp or wampp package on windows based machines).

Image 1. Visitor trying to gain unauthorized access to wp-config.php

Open any simple text editor, nano, gedit, pluma, kate, notepad, whatever you are using to edit simple text files.

Browse through your statistics and copy the IP addresses in question. You can quickly find the ones that are well, dubious, to say the least. (See image 1 , for example). Copy the IP address and paste it line-by-line in the simple text file.

After having browsed through your log and having collected a number of IP addresses, save the file with any name, make sure you remember it, and its placement, so you’ll know what to enter in the PHP script you’ll write in a moment, for instance, parseme.txt.

Its actually a good idea to keep the file and change its content every time you start capturing these bad IP addresses, in every IP hunting session, you clear the contents of the file and paste into it the lines / IPs youve captured in this session, and then save and parse the file with the PHP script.

And after saving the file, you parse it with a tiny php script, that you can use either on the command line, or in your browser.

Heres the script:

<?php

$content = file_get_contents(parseme.txt);
$snippets= explode(\n, $content);
$nrsn= count($snippets);
$nrsn=$nrsn-1;
echo \n\n;
for($i=0;$i<$nrsn;$i++)
{
echo RewriteCond %{REMOTE_ADDR} ^ . $snippets[$i] . $ [OR]\n;
}
?>

Replace the \n with <br> if you intend to run the script in your browser, or leave it as it is, if you intend to run it as I do, in the command line / terminal.

Save the php script with a name thats intuitive, like htdprocess.php (.htaccess denier-processor), and then run it in the terminal with

php -f htdprocess.php (dont forget to make the script executable, with chmod +x or chmod 755, if youre on linux),

and copy the output and put it on your server, in your .htaccess file, and save it.

Now, IF YOU ARE DOING THIS FOR THE FIRST TIME, meaning you have no other rewrite rules set yet in your .htaccess, you must remove the [OR] conditional operator from the LAST line in the IP address block, and also add these two lines BEFORE the lines with the IP blocks:

RewriteEngine On

RewriteBase /

(also, pay attention to capitalization ! It does matter) AND after the IP block that you’ve inserted, add this line:

RewriteRule ^.*$ [F]

Presuming you have mod_rewrite enabled on your server or hosting account (most hosts, even free ones, have it installed, these days), the IP addresses in question will NEVER be able to access anything on your site, they will be denied.

Your entire blocklist in your .htaccess will look like this:

RewriteBase /
RewriteEngine On

RewriteCond %{REMOTE_ADDR} ^201.94.151.6$ [OR]
RewriteCond %{REMOTE_ADDR} ^94.23.29.174$ [OR]
RewriteCond %{REMOTE_ADDR} ^195.202.64.253$ [OR]
RewriteCond %{REMOTE_ADDR} ^192.166.96.87$ [OR]
RewriteCond %{REMOTE_ADDR} ^46.119.115.165$
RewriteRule ^.*$ [F]

Now obviously, since you care for your site/blog and you’ll do this checking for bad actors / bad IP addresses along the line, youll catch more and more IP addresses that need to be inserted into the block. No worries, simpy use the method outlined above (copy to the text file, and then parse it with the php script, and insert the output with the IP addresses in .htaccess.) to add the newly captured IP’s ABOVE the already existing ones. Why ABOVE the block ? Well, because the PHP script writes the conditional [OR] operator at the end of every line with an IP address, so its simply faster to add it above the already existing block, instead of adding it below it, and then removing the [OR] operator from the last line.

And in case you want to directly download the PHP script, its RIGHT HERE (simply click on the link and save the file).

Let me know in the comments if you need help making sense of this all.

Leave a Reply

Your email address will not be published. Required fields are marked *