How to Blacklist or Whitelist IP’s on Your Website

In this how-to, we’ll cover how you can blacklist or whitelist an IP on your website with the help of .htaccess or Cloudflare. We’ll also discuss why and when you should want to do so.

What is IP blacklisting?

IP blacklisting is a method to block all (malicious, illegitimate or not wanted) traffic to your website by blocking IP addresses.

What is IP whitelisting?

IP whitelisting is the opposite of IP blacklisting where you grant an IP access to your website instead of blocking it. 

When and why should I want to blacklist or whitelist an IP?

Blacklisting an IP (blocking) from accessing your website should be done if you experience malicious, illegitimate or not wanted traffic to your website from one or more IP addresses. Blacklisting an IP can result in your website being more secure and can prevent your website from going down due to a DDoS attack for example. 

Whitelisting an IP (granting) should be done if you want to give one or more IP addresses access to your website. Combining blacklisting and whitelisting could be particularly useful if you are developing a website and want to only give certain IP addresses access to your website and block all others

Blacklist/whitelist IP’s in .htaccess

You can whitelist / blacklist any IP addresses of your choice by editing the .htaccess file on your server.

This is an example of how to only whitelist your IP address:

order deny,allow
deny from all
allow from <your ip> 

This is an example of how to blacklist an IP address: 

Deny from <your ip>

Blacklisting an IP using .htaccess will give the blocked IP a 403 Forbidden HTTP status code if they try to visit your website:

Blacklist/whitelist IP’s in Cloudflare

If you have Cloudflare attached to your website then you can make an IP Access Rule:

  1. Log in to your Cloudflare account.
  2. Select your domain.
  3. Click the Security app.
  4. Click on the Tools tab.
  5. Under IP Access Rules, enter the following details:
  6. Enter the Value as an IP, IP range, or two-letter country code.
  7. Select an Action. Block = Blacklist. Allow = Whitelist
  8. Select whether the rule applies to This website or All websites in the account.
  9. (Optional) add a Note (i.e. Payment Gateway).
  10. Click Add.

As always, should you have any additional questions please don’t hesitate to contact our support chat at!