@rutger1140
Created October 8, 2014 15:30
Kirby CMS htaccess file - SEO optimized - 1000+ spam related IP blocks
# pass the default character set
AddDefaultCharset utf-8
# NOTE(review): php_flag is only understood when PHP runs as an Apache module.
# Under CGI/FastCGI/PHP-FPM an unguarded php_flag in .htaccess normally makes the
# whole file fail with a 500 - confirm the SAPI, or set short_open_tag in php.ini.
php_flag short_open_tag on
# unknown URLs are answered with the local /error page
ErrorDocument 404 /error
# Kirby .htaccess
# NOTE(review): the RewriteCond/RewriteRule pair below is not wrapped in
# <IfModule mod_rewrite.c> and relies on the "RewriteEngine on" that appears later
# in this file. It strips a trailing slash, while a rule in the "www. to non www"
# section adds one; for an existing directory outside /panel/ the two appear to
# redirect to each other - TODO confirm on a test host.
# exclude panel from trailing slash removal
RewriteCond %{REQUEST_URI} !^/panel/ [NC]
# remove trailing slash
RewriteRule ^(.*)/$ $1 [R=301,L]
# serve .svg files with the SVG media type and compress them
AddType image/svg+xml .svg
AddOutputFilterByType DEFLATE image/svg+xml
# rewrite rules
# Everything in this section is skipped silently when mod_rewrite is not loaded,
# including the three "block ... from being accessed directly" rules. They are
# also only in force while the server honours .htaccess (AllowOverride).
<IfModule mod_rewrite.c>
# enable awesome urls. i.e.:
# http://yourdomain.com/about-us/team
RewriteEngine on
# make sure to set the RewriteBase correctly
# if you are running the site in a subfolder.
# Otherwise links or the entire site will break.
#
# If your homepage is http://yourdomain.com/mysite
# Set the RewriteBase to:
#
# RewriteBase /mysite
#
RewriteBase /
# The next three rules keep content text files, site code and the Kirby core from
# being fetched over HTTP. They answer with a 301 to the relative target "error"
# rather than denying the request, and the patterns are case-sensitive (no [NC]).
# NOTE(review): only .txt/.md/.mdown under content/ are covered; confirm that any
# other file types stored there are meant to be public, and that a differently
# cased extension cannot reach the same file on a case-insensitive filesystem.
# block text files in the content folder from being accessed directly
RewriteRule ^content/(.*)\.(txt|md|mdown)$ error [R=301,L]
# block all files in the site folder from being accessed directly
RewriteRule ^site/(.*) error [R=301,L]
# block all files in the kirby folder from being accessed directly
RewriteRule ^kirby/(.*) error [R=301,L]
# make panel links work
# (requests under panel/ that are not an existing file or directory go to the
# panel front controller)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^panel/(.*) panel/index.php [L]
# make site links work
# (every other request that is not an existing file or directory goes to index.php)
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^(.*) index.php [L]
</IfModule>
# www. to non www
# "domain.com" is a placeholder throughout this file and must be replaced.
<IfModule mod_rewrite.c>
RewriteBase /
# add a trailing slash to paths whose segments contain no dot
# NOTE(review): this is the opposite of the "remove trailing slash" rule near the
# top of the file - TODO confirm which behaviour is wanted and drop the other.
RewriteRule ^(([^./]+/)*[^./]+)$ /$1/ [L,R=301]
# redirect the www host to the bare domain
# NOTE(review): the dots in the host pattern are unescaped and the pattern has no
# end anchor, so it matches more host names than the one intended; the target is
# plain http://, so an HTTPS visitor would be sent to HTTP.
RewriteCond %{HTTP_HOST} ^www.domain.com [NC]
RewriteRule ^(.*)$ http://domain.com/$1 [L,R=301]
# redirect any request line containing "/index" to the home page
RewriteCond %{THE_REQUEST} ^.*/index.*
RewriteRule ^(.*)index.*$ http://domain.com [R=301,L]
</IfModule>
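# ensure robots txt file is in the correct place
# Any /robots.txt requested below the site root is redirected to the root copy.
# The target needs a scheme and host (or a leading slash); a bare
# "domain.com/robots.txt" is not a valid redirect target for Apache.
RedirectMatch 301 (?i)(?<!^)/robots\.txt$ http://domain.com/robots.txt
# forbids the practice of other sites including your images inline in their pages
# The Referer header is chosen by the client, so this is a bandwidth courtesy
# filter, not access control: anything that must stay private needs real
# authentication.
# - An empty Referer is let through, because privacy settings, proxies and direct
#   visits commonly send none; remove the first condition to block those as well.
# - The host pattern escapes the dot and ends at "/", ":" or end of string, so a
#   look-alike such as domain.com.other.example no longer passes as the own site.
RewriteCond %{HTTP_REFERER} !^$
RewriteCond %{HTTP_REFERER} !^https?://(www\.)?domain\.com([/:]|$) [NC]
RewriteRule \.(jpg|jpeg|png|gif|svg)$ - [NC,F,L]
# rewrite rule for image theft to: http://i.imgur.com/qX4w7.gif
# RewriteEngine On
# RewriteCond %{HTTP_REFERER} !^http://(.+\.)?domain\.com/ [NC]
# RewriteCond %{HTTP_REFERER} !^$
# RewriteRule .*\.(jpe?g|gif|bmp|png)$ http://i.imgur.com/qX4w7.gif [L]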
# expiry headers
# Lifetimes are in seconds: 2592000 = 30 days, 604800 = 7 days, 216000 = 60 hours.
<ifModule mod_expires.c>
ExpiresActive On
# anything without its own rule, and HTML, expires after one second
ExpiresDefault "access plus 1 seconds"
ExpiresByType text/html "access plus 1 seconds"
ExpiresByType image/gif "access plus 2592000 seconds"
ExpiresByType image/jpeg "access plus 2592000 seconds"
ExpiresByType image/png "access plus 2592000 seconds"
ExpiresByType text/css "access plus 604800 seconds"
ExpiresByType text/javascript "access plus 216000 seconds"
ExpiresByType application/x-javascript "access plus 216000 seconds"
</ifModule>
# tell caches that these responses vary by the request's Accept-Encoding
<IfModule mod_headers.c>
<FilesMatch "\.(js|css|xml|gz)$">
Header append Vary: Accept-Encoding
</FilesMatch>
</IfModule>
# cache control
# NOTE(review): these max-age values differ from the Expires lifetimes above for
# the same types (CSS: 30 days here, 7 days there) - confirm which one is intended.
<ifModule mod_headers.c>
<filesMatch "\\.(ico|pdf|flv|jpg|jpeg|png|gif|swf|svg|woff)$">
Header set Cache-Control "max-age=2592000, public"
</filesMatch>
<filesMatch "\\.(css)$">
Header set Cache-Control "max-age=2592000, public"
</filesMatch>
<filesMatch "\\.(js)$">
Header set Cache-Control "max-age=2592000, private"
</filesMatch>
<filesMatch "\\.(xml|txt)$">
Header set Cache-Control "max-age=216000, public, must-revalidate"
</filesMatch>
# pages are marked private, so shared caches should not store them
<filesMatch "\\.(html|htm|php)$">
Header set Cache-Control "max-age=1, private, must-revalidate"
</filesMatch>
</ifModule>
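# block clients whose User-Agent contains one of the listed scraper/downloader names
# The User-Agent header is chosen by the client, so this only stops tools that
# announce themselves; treat it as noise reduction, not as a security boundary.
# Broad substrings such as "download" or "collector" can also catch legitimate
# clients - review the access log after enabling.
# SetEnvIfNoCase is provided by mod_setenvif, so that is the module to test for.
# "Deny from env=" is Apache 2.2 access control; on 2.4 it needs mod_access_compat.
<IfModule mod_setenvif.c>
SetEnvIfNoCase ^User-Agent$ .*(craftbot|download|extract|stripper|sucker|ninja|clshttp|webspider|leacher|collector|grabber|webpictures) HTTP_SAFE_BADBOT
SetEnvIfNoCase ^User-Agent$ .*(libwww-perl|aesop_com_spiderman) HTTP_SAFE_BADBOT
Deny from env=HTTP_SAFE_BADBOT
</IfModule>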
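# prevent hacks
# Signature filter on the raw (not URL-decoded) query string. It only sees the
# query string - not request bodies, cookies or headers - and fixed patterns are
# easy to miss with a different encoding, so it is a best-effort extra layer; the
# application still has to validate its input.
# The conditions are OR-ed together and all feed the single RewriteRule at the end.
# proc/self/environ? no way!
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
# block out any script trying to set a mosConfig value through the URL
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
# block out any script trying to base64_encode crap to send via URL
# (parentheses escaped so they match a literal call, not an empty regex group)
RewriteCond %{QUERY_STRING} base64_encode.*\(.*\) [OR]
# block out any script that includes a <script> tag in URL
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
# block out any script trying to set a PHP GLOBALS variable via URL
# ("[" escaped: unescaped it opened a character class that also matched the empty
# string, so every query string containing "GLOBALS" was rejected)
RewriteCond %{QUERY_STRING} GLOBALS(=|\[|\%[0-9A-Z]{0,2}) [OR]
# block out any script trying to modify a _REQUEST variable via URL
RewriteCond %{QUERY_STRING} _REQUEST(=|\[|\%[0-9A-Z]{0,2})
# answer every matching request with 403 Forbidden; with [F] the index.php
# substitution is not served
RewriteRule ^(.*)$ index.php [F,L]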
# follow symbolic links (needed by per-directory rewrites) and switch off content
# negotiation; changing Options here requires AllowOverride to permit it
Options +FollowSymLinks -MultiViews
# turn mod_rewrite on
RewriteEngine On
# NOTE(review): the pattern is a regex, not a glob: "playlist/*" means "playlist"
# followed by zero or more slashes, so any path containing "playlist" is rewritten
# to / - confirm this is intended.
RewriteRule playlist/* /
# NOTE(review): Connection is a hop-by-hop header that the server manages itself
# (KeepAlive); this block is also repeated further down.
<ifModule mod_headers.c>
Header set Connection keep-alive
</ifModule>
<IfModule mod_headers.c>
<FilesMatch "\.(svg)$">
Header append Vary: Accept-Encoding
</FilesMatch>
</IfModule>
<ifModule mod_headers.c>
Header set Connection keep-alive
</ifModule>
# defining MIME types to ensure the web server actually knows about them.
<IfModule mod_mime.c>
AddType application/javascript js
AddType application/vnd.ms-fontobject eot
AddType application/x-font-ttf ttf ttc
AddType font/opentype otf
AddType application/x-font-woff woff
AddType image/svg+xml svg svgz
AddEncoding gzip svgz
</Ifmodule>
# compressing output.
# NOTE(review): "text/text/" and "text/xmk" on the first line look like typos and
# match no real media type; text/xml is already listed two lines below.
<IfModule mod_deflate.c>
AddOutputFilterByType DEFLATE text/text/ text/html text/plain text/xmk text/css application/json application/x-javascript application/javascript text/javascript
AddOutputFilterByType DEFLATE application/javascript
AddOutputFilterByType DEFLATE text/xml application/xml text/x-component
AddOutputFilterByType DEFLATE application/xhtml+xml application/rss+xml application/atom+xml
AddOutputFilterByType DEFLATE image/x-icon image/svg+xml application/vnd.ms-fontobject application/x-font-ttf font/opentype
</Ifmodule>
# minimize image flicker in IE6
# NOTE(review): these Expires lines are not wrapped in <IfModule mod_expires.c>,
# unlike the expiry section earlier in the file, and "image/jpg" is not the
# registered type (image/jpeg) - A2592000 is 30 days after access.
ExpiresActive On
ExpiresByType image/gif A2592000
ExpiresByType image/jpg A2592000
ExpiresByType image/png A2592000
# server signature off / prevent hacks
# This removes the version footer from server-generated pages (error pages,
# directory listings). It does not change the Server response header; that is
# controlled by ServerTokens, which can only be set in the main server config.
ServerSignature Off
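# reduce spam by blocking country IPs ("order deny,allow" evaluates the deny rules first, then the allow rules; a client that matches neither is allowed)
# NOTE(review): Order/Deny/Allow is Apache 2.2 syntax; on 2.4 it only works through mod_access_compat, and the native form is Require.
# NOTE(review): host-name entries such as the two "deny from *.xx" lines below make Apache run a double reverse-DNS lookup on client addresses, and the documented form is a bare suffix (".ru") without a leading "*" - confirm that these two lines match anything.
# NOTE(review): the address ranges are a static snapshot. Allocations move between networks and countries over time, and proxies or VPNs sidestep them, so the list both over- and under-blocks; treat it as spam reduction, not access control, and re-verify it before reuse.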
<Files *>
order deny,allow
deny from *.ru
deny from *.cn
# Cambodia (KH)
deny from 114.134.184.0/21
# Chinese (CN) IP addresses follow:
deny from 1.80.0.0/13 1.92.0.0/14 1.192.0.0/13 1.202.0.0/15 1.204.0.0/14 14.144.0.0/12 14.208.0.0/12 23.80.54.0/24 23.104.141.0/24 23.105.14.0/24 27.8.0.0/13 27.16.0.0/12 27.36.0.0/14 27.40.0.0/13 27.50.128.0/17 27.54.192.0/18 27.106.128.0/18 27.115.0.0/17 27.148.0.0/14 27.152.0.0/13 27.184.0.0/13 36.32.0.0/14 36.248.0.0/14 42.96.128.0/17 42.120.0.0/15 58.16.0.0/15 58.20.0.0/16 58.21.0.0/16 58.22.0.0/15 58.34.0.0/16 58.37.0.0/16 58.38.0.0/16 58.40.0.0/16 58.42.0.0/16 58.44.0.0/14 58.48.0.0/13 58.56.0.0/15 58.58.0.0/16 58.59.0.0/17 58.60.0.0/14 58.68.128.0/17 58.82.0.0/15 58.100.0.0/15 58.208.0.0/12 58.242.0.0/15 58.246.0.0/15 58.248.0.0/13 59.32.0.0/12 59.51.0.0/16 59.52.0.0/14 59.56.0.0/13 59.72.0.0/16 59.108.0.0/15 59.172.0.0/14 60.0.0.0/13 60.11.0.0/16 60.12.0.0/16 60.24.0.0/13 60.160.0.0/11 60.194.0.0/15 60.208.0.0/13 60.216.0.0/15 60.220.0.0/14 61.4.64.0/20 61.4.80.0/22 61.4.176.0/20 61.48.0.0/13 61.128.0.0/10 61.135.0.0/16 61.136.0.0/18 61.139.0.0/16 61.145.73.208/28 61.147.0.0/16 61.152.0.0/16 61.154.0.0/16 61.160.0.0/16 61.162.0.0/15 61.164.0.0/16 61.175.0.0/16 61.177.0.0/16 61.179.0.0/16 61.183.0.0/16 61.184.0.0/16 61.185.219.232/29 61.187.0.0/16 61.188.0.0/16 61.232.0.0/14 61.236.0.0/15 61.240.0.0/14 101.64.0.0/13 101.72.0.0/14 101.76.0.0/15 101.80.0.0/12 103.253.4.0/22 106.112.0.0/13 110.6.0.0/15 110.51.0.0/16 110.52.0.0/15 110.80.0.0/13 110.88.0.0/14 110.96.0.0/11 110.173.0.0/19 110.173.32.0/20 110.173.64.0/18 110.192.0.0/11 110.240.0.0/12 111.0.0.0/10 111.72.0.0/13 111.121.0.0/16 111.128.0.0/11 111.160.0.0/13 111.172.0.0/14 111.176.0.0/13 111.228.0.0/14 112.0.0.0/10 112.64.0.0/14 112.80.0.0/12 112.100.0.0/14 112.111.0.0/16 112.122.0.0/15 112.224.0.0/11 113.0.0.0/13 113.8.0.0/15 113.12.0.0/14 113.16.0.0/15 113.18.0.0/16 113.62.0.0/15 113.64.0.0/10 113.128.0.0/15 113.136.0.0/13 113.194.0.0/15 113.204.0.0/14 114.28.0.0/16 114.80.0.0/12 114.96.0.0/13 114.104.0.0/14 114.112.0.0/14 112.109.128.0/17 114.216.0.0/13 114.224.0.0/11 115.24.0.0/15 115.28.0.0/15 
115.32.0.0/14 115.48.0.0/12 115.84.0.0/18 115.100.0.0/15 115.148.0.0/14 115.152.0.0/15 115.168.0.0/14 115.212.0.0/16 115.230.0.0/16 115.236.96.0/23 115.236.136.0/22 115.239.228.0/22 116.1.0.0/16 116.2.0.0/15 116.4.0.0/14 116.8.0.0/14 116.16.0.0/12 116.52.0.0/14 116.76.0.0/15 116.90.80.0/20 116.112.0.0/14 116.128.0.0/10 116.204.0.0/15 116.208.0.0/14 116.224.0.0/12 116.254.128.0/18 117.8.0.0/13 117.21.0.0/16 117.22.0.0/15 117.24.0.0/13 117.32.0.0/13 117.40.0.0/14 117.44.0.0/15 117.79.224.0/20 117.80.0.0/12 117.136.0.0/13 118.26.0.0/16 118.72.0.0/13 118.112.0.0/13 118.120.0.0/14 118.132.0.0/14 118.144.0.0/14 118.180.0.0/14 118.186.0.0/15 118.192.0.0/16 118.248.0.0/13 119.0.0.0/13 119.8.0.0/16 119.10.0.0/17 119.18.192.0/20 119.36.0.0/16 119.57.0.0/16 119.60.0.0/16 119.88.0.0/14 119.96.0.0/13 119.112.0.0/13 119.120.0.0/13 119.128.0.0/12 119.144.0.0/14 119.164.0.0/14 119.176.0.0/12 119.233.0.0/16 120.0.0.0/12 120.24.0.0/14 120.32.0.0/13 120.40.0.0/14 120.68.0.0/14 120.80.0.0/13 120.192.0.0/10 121.0.16.0/20 121.8.0.0/13 121.16.0.0/12 121.32.0.0/14 121.60.0.0/14 121.76.0.0/15 121.204.0.0/14 121.224.0.0/12 122.10.128.0/17 122.51.128.0/17 122.64.0.0/11 122.119.0.0/16 122.136.0.0/13 122.156.0.0/14 122.188.0.0/14 122.192.0.0/14 122.198.0.0/16 122.200.64.0/18 122.224.0.0/12 123.4.0.0/14 123.8.0.0/13 123.52.0.0/14 123.64.0.0/11 123.97.128.0/17 123.100.0.0/19 123.112.0.0/12 123.128.0.0/13 123.138.0.0/15 123.150.0.0/15 123.152.0.0/13 123.164.0.0/14 123.180.0.0/14 123.184.0.0/14 123.196.0.0/15 123.232.0.0/14 123.249.0.0/16 124.42.64.0/18 124.64.0.0/15 124.67.0.0/16 124.73.0.0/16 124.114.0.0/15 124.126.0.0/15 124.128.0.0/13 124.160.0.0/15 124.162.0.0/16 124.163.0.0/16 124.192.0.0/15 124.200.0.0/13 124.226.0.0/15 124.228.0.0/14 124.236.0.0/14 124.240.0.0/17 124.240.128.0/18 124.248.0.0/17 125.36.0.0/14 125.40.0.0/13 125.64.0.0/12 125.79.0.0/16 125.80.0.0/13 125.88.0.0/13 125.104.0.0/13 125.112.0.0/12 125.210.0.0/15 140.224.0.0/16 140.246.0.0/16 140.249.0.0/16 159.226.0.0/16 
171.34.0.0/15 171.36.0.0/14 171.40.0.0/13 175.0.0.0/12 175.16.0.0/13 175.24.0.0/14 175.30.0.0/15 175.42.0.0/15 175.44.0.0/16 175.46.0.0/15 175.48.0.0/12 175.64.0.0/11 175.102.0.0/16 175.106.128.0/17 175.146.0.0/15 175.148.0.0/14 175.152.0.0/14 175.160.0.0/12 175.178.0.0/16 175.184.128.0/18 175.185.0.0/16 175.186.0.0/15 175.188.0.0/14 180.76.0.0/16 180.96.0.0/11 180.136.0.0/13 180.152.0.0/13 180.208.0.0/15 182.18.0.0/17 182.88.0.0/14 182.112.0.0/12 182.128.0.0/12 183.0.0.0/10 183.64.0.0/13 183.129.0.0/16 183.160.0.0/12 183.184.0.0/13 183.192.0.0/11 192.74.224.0/19 198.2.203.64/28 198.2.212.160/28 202.43.144.0/22 202.46.32.0/19 202.66.0.0/16 202.75.208.0/20 202.96.0.0/12 202.111.160.0/19 202.112.0.0/14 202.117.0.0/16 202.165.176.0/20 202.196.80.0/20 203.69.0.0/16 203.86.0.0/18 203.86.64.0/19 203.93.0.0/16 203.169.160.0/19 203.171.224.0/20 210.5.0.0/19 210.14.128.0/19 210.21.0.0/16 210.32.0.0/14 210.51.0.0/16 210.52.0.0/15 210.77.0.0/16 210.192.96.0/19 211.76.96.0/20 211.78.208.0/20 211.86.144.0/20 211.90.0.0/15 211.92.0.0/14 211.96.0.0/13 211.136.0.0/13 211.144.12.0/22 211.144.96.0/19 211.144.160.0/20 211.147.208.0/20 211.147.224.0/23 211.152.14.0/24 211.154.64.0/19 211.154.128.0/19 211.155.24.0/22 211.157.32.0/19 211.160.0.0/13 211.233.70.0/24 218.0.0.0/11 218.56.0.0/13 218.64.0.0/11 218.88.0.0/13 218.96.0.0/14 218.102.0.0/16 218.104.0.0/14 218.108.0.0/15 218.194.80.0/20 218.200.0.0/13 218.240.0.0/13 219.128.0.0/11 219.154.0.0/15 219.223.192.0/18 219.232.0.0/16 219.234.80.0/20 219.235.0.0/16 220.112.0.0/16 220.154.0.0/15 220.160.0.0/11 220.181.0.0/16 220.191.0.0/16 220.192.0.0/12 220.228.70.0/24 220.242.0.0/15 220.248.0.0/14 220.250.0.0/19 220.252.0.0/16 221.0.0.0/12 221.122.0.0/15 221.176.0.0/13 221.192.0.0/14 221.200.0.0/14 221.204.0.0/15 221.206.0.0/16 221.207.0.0/16 221.208.0.0/12 221.212.0.0/15 221.214.0.0/15 221.216.0.0/13 221.224.0.0/13 221.228.0.0/14 221.232.0.0/13 222.32.0.0/11 222.64.0.0/12 222.80.0.0/12 222.132.0.0/14 222.136.0.0/13 222.168.0.0/13 
222.172.222.0/24 222.176.0.0/13 222.184.0.0/13 222.200.0.0/16 222.208.0.0/13 222.219.0.0/16 222.220.0.0/15 222.240.0.0/13 223.4.0.0/14 223.64.0.0/11 223.144.0.0/12 223.240.0.0/13
# Hong Kong (HK)
deny from 58.65.232.0/21 59.148.0.0/15 103.253.96.32/22 110.173.48.0/20 112.121.160.0/19 113.10.128.0/17 113.252.0.0/14 118.140.0.0/14 121.127.224.0/19 122.10.0.0/17 123.242.229.0/24 147.8.0.0/16 180.235.134.0/24 202.69.64.0/19 202.85.128.0/19 202.133.8.0/21 203.78.32.0/21 203.198.0.0/16 203.218.0.0/16 210.176.0.0/19 210.176.48.0/20 210.176.64.0/18 210.176.128.0/17 210.177.0.0/16 210.209.64.0/18 218.103.0.0/16 218.250.0.0/16 218.252.0.0/14 219.76.0.0/14 219.90.112.0/20 222.166.0.0/16 223.16.0.0/14
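# India (IN), Bangladesh (BD) and Pakistan (PK)
# NOTE(review): the entry 9.176.0.0/13 in the list below sits between 59.164.0.0/15 and 59.184.0.0/15 and looks like a dropped leading digit (59.176.0.0/13?) - verify before use, since as written it blocks an unrelated network.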
deny from 14.96.0.0/14 14.139.0.0/16 14.194.0.0/15 27.248.0.0/14 27.255.0.0/18 27.255.128.0/24 39.32.0.0/11 49.15.0.0/18 49.200.0.0/14 49.248.0.0/17 59.88.0.0/13 59.96.0.0/14 59.160.0.0/14 59.164.0.0/15 9.176.0.0/13 59.184.0.0/15 61.247.238.0/24 101.56.0.0/13 112.110.0.0/16 113.19.0.0/16 113.212.64.0/19 114.31.224.0/20 115.108.0.0/14 115.167.24.0/24 115.240.0.0/12 116.72.0.0/14 116.202.12.0/22 116.203.0.0/16 117.192.0.0/10 119.152.0.0/13 119.160.0.0/17 120.56.0.0/13 120.138.98.0/24 121.240.0.0/13 122.160.0.0/12 122.176.0.0/13 122.184.0.0/14 123.49.0.0/18 123.236.0.0/14 124.124.0.0/15 124.247.235.0/24 124.253.8.0/21 125.209.64.0/18 139.190.0.0/16 171.48.0.0/12 180.215.0.0/16 182.64.0.0/12 182.176.0.0/12 183.82.0.0/15 193.53.87.0/24 202.54.0.0/16 202.63.160.0/19 202.87.240.0/20 202.137.232.0/21 202.154.224.0/24 203.76.176.0/20 203.92.47.0/24 203.115.80.0/20 203.135.62.0/24 203.188.247.0/24 203.192.231.0/24 203.197.0.0/16 206.214.208.0/20 210.211.128.0/17 210.212.64.0/20 218.248.0.0/20 223.130.4.0/22
# Indonesia (ID)
deny from 36.84.0.0/16 49.50.4.0/22 49.50.8.0/22 103.253.0.0/22 110.136.176.0/20 110.139.0.0/16 111.95.0.0/16 114.79.18.0/24 116.12.40.0/21 116.66.200.0/21 116.254.96.0/21 118.96.0.0/15 119.110.68.0/24 119.235.16.0/20 119.252.162.0/24 120.160.0.0/11 124.6.36.0/22 124.195.124.0/24 125.164.64.0/19 125.165.128.0/18 139.192.0.0/14 180.241.128.0/17 180.242.0.0/16 180.248.128.0/18 180.249.0.0/16 180.251.0.0/18 202.57.0.0/19 203.130.192.0/18
# Japan (JP) (hacking, scraping, or spamming)
deny from 27.50.96.0/19 36.52.0.0/14 42.83.0.0/18 58.188.0.0/14 59.146.0.0/15 60.236.0.0/14 61.112.0.0/12 118.0.0.0/12 118.86.0.0/15 118.106.0.0/16 122.200.192.0/18 122.208.0.0/12 123.216.0.0/13 124.84.0.0/14 126.0.0.0/8 150.70.84.41 202.210.128.0/18 210.198.6.0/23 210.248.0.0/13 211.19.0.0/16 218.216.0.0/13 218.224.0.0/13 219.94.128.0/17 219.96.0.0/11 220.104.0.0/13 220.208.0.0/12 221.121.160.0/20 222.231.64.0/18 222.231.128.0/17 222.144.0.0/13 223.216.0.0/14
# Korea (KR) (including North Korea) IP addresses follow:
deny from 1.208.0.0/12 1.224.0.0/11 14.32.0.0/11 14.64.0.0/11 27.115.128.0/17 27.255.64.0/18 58.72.0.0/13 58.120.0.0/13 58.140.0.0/14 58.148.0.0/14 58.180.40.0/21 58.224.0.0/12 59.0.0.0/11 59.86.192.0/18 59.186.0.0/15 61.32.0.0/13 61.40.0.0/14 61.72.0.0/13 61.80.0.0/15 61.96.0.0/12 61.110.16.0/20 61.248.0.0/13 101.79.0.0/16 110.8.0.0/13 110.45.0.0/16 112.144.0.0/12 112.160.0.0/11 112.216.0.0/13 113.30.64.0/18 114.29.0.0/17 114.108.0.0/17 114.108.128.0/18 114.200.0.0/13 115.0.0.0/12 115.16.0.0/13 115.40.0.0/15 115.68.0.0/16 115.88.0.0/13 116.40.0.0/16 116.45.176.0/20 116.93.192.0/19 116.120.0.0/13 117.110.0.0/15 118.32.0.0/11 118.128.0.0/14 118.216.0.0/13 119.64.0.0/13 119.192.0.0/11 120.50.64.0/18 121.78.0.0/16 121.88.0.0/16 121.101.224.0/19 121.127.64.0/18 121.127.128.0/18 121.128.0.0/10 121.254.0.0/16 122.44.112.0/20 122.99.128.0/17 123.111.0.0/16 123.140.0.0/14 123.212.0.0/14 123.248.0.0/16 124.0.0.0/15 124.50.87.161 124.136.0.0/14 124.217.192.0/19 125.128.0.0/11 125.176.0.0/12 125.240.0.0/13 125.248.0.0/14 143.248.0.0/16 166.104.0.0/16 168.188.0.0/16 175.45.176.0/22 175.112.0.0/12 180.64.0.0/13 180.224.0.0/13 202.30.0.0/15 202.133.16.0/20 202.179.176.0/21 203.226.0.0/15 203.228.0.0/14 203.244.0.0/14 203.248.0.0/13 210.93.0.0/16 210.94.0.0/15 210.108.0.0/14 210.112.0.0/14 210.117.128.0/18 210.118.216.192/26 210.124.0.0/14 210.178.0.0/15 210.180.0.0/15 210.204.0.0/15 210.210.192.0/18 210.219.0.0/16 210.220.0.0/14 211.32.0.0/12 211.48.0.0/15 211.50.0.0/15 211.52.0.0/16 211.62.35.0/24 211.104.0.0/13 211.112.0.0/13 211.168.0.0/13 211.176.0.0/12 211.192.0.0/12 211.208.0.0/14 211.216.0.0/13 211.224.0.0/13 211.232.0.0/13 211.240.0.0/12 218.36.0.0/14 218.48.0.0/13 218.144.0.0/12 218.209.0.0/16 218.232.0.0/14 218.236.0.0/14 219.240.0.0/15 219.248.0.0/13 219.250.88.0/21 220.72.0.0/13 220.80.0.0/13 220.95.88.0/24 220.118.0.0/16 220.119.0.0/16 221.128.0.0/12 221.144.0.0/12 221.160.0.0/13 221.168.0.0/16 221.163.46.0/24 222.96.0.0/12 222.112.0.0/13 222.120.0.0/15 
222.122.0.0/16 222.231.0.0/18 222.232.0.0/13
# Yahoo-Korea (provides free email services used by some spammers)
deny from 123.0.0.0/20
# neighboring Asian countries:
# Malaysia (MY)
deny from 27.131.32.0/24 60.48.0.0/14 60.52.0.0/15 60.54.0.0/16 110.159.0.0/16 112.137.160.0/20 113.23.128.0/17 115.132.0.0/14 116.197.0.0/17 116.206.0.0/16 118.100.0.0/15 119.110.96.0/20 120.50.48.0/20 120.140.0.0/15 124.82.0.0/16 124.217.224.0/19 161.139.0.0/16 175.136.0.0/13 180.72.0.0/14 202.58.80.0/20 202.71.96.0/20 202.75.32.0/19 202.188.0.0/18 202.190.0.0/16 203.106.0.0/16 203.217.176.0/22 203.223.128.0/19 210.187.49.0/25 218.111.0.0/16 218.208.12.64/27
# Philippines (PH)
deny from 27.110.144.0/20 85.92.152.0/21 110.5.64.0/21 111.235.80.0/20 112.201.128.0/17 112.202.0.0/16 120.28.64.0/18 122.54.125.73 125.60.128.0/17 125.212.56.0/22 180.193.64.0/19 202.52.54.0/23 202.133.192.0/24 202.146.184.0/23 222.127.32.0/19 222.127.64.0/19
# Singapore (SG)
deny from 58.185.18.0/28 59.189.0.0/16 116.12.48.0/21 116.14.0.0/15 116.251.223.0/24 121.6.0.0/15 165.21.0.0/16 180.210.200.0/21 182.23.147.0/24 192.169.40.0/23 203.92.64.0/18 203.117.0.0/24 218.186.0.0/16 218.212.0.0/16 219.74.0.0/15 219.75.0.0/17
# Taiwan (TW)
deny from 1.160.0.0/12 1.200.0.0/16 36.224.0.0/12 59.112.0.0/12 60.198.0.0/15 60.249.0.0/16 60.250.0.0/15 61.31.0.0/16 61.59.0.0/16 61.63.0.0/16 61.67.128.0/17 61.216.0.0/14 61.220.0.0/14 61.224.0.0/14 61.228.0.0/14 110.24.0.0/13 110.50.128.0/18 111.240.0.0/12 114.24.0.0/14 114.32.0.0/12 115.80.0.0/14 115.85.144.0/20 117.19.0.0/16 118.160.0.0/13 122.116.0.0/15 122.118.0.0/16 122.120.0.0/13 122.254.0.0/18 123.51.128.0/17 123.240.0.0/15 124.8.0.0/14 125.224.0.0/13 140.109.0.0/16 140.110.0.0/15 140.112.0.0/12 140.128.0.0/13 140.136.0.0/15 140.138.0.0/16 163.13.0.0/16 163.14.0.0/15 163.16.0.0/12 163.24.0.0/16 163.32.0.0/16 175.96.0.0/14 203.64.0.0/14 203.71.0.0/16 203.72.0.0/16 210.59.0.0/16 210.200.0.0/15 210.240.0.0/16 211.20.0.0/15 211.23.0.0/16 211.75.0.0/16 211.76.160.0/20 211.79.32.0/20 218.160.0.0/12 219.84.0.0/15 219.90.3.0/24 220.128.0.0/12
# Thailand (TH)
deny from 1.46.0.0/15 14.207.0.0/16 49.0.64.0/18 49.230.0.0/16 58.8.0.0/16 58.9.0.0/16 58.10.0.0/16 58.137.0.0/16 61.19.0.0/16 61.47.0.0/17 110.34.128.0/17 110.168.0.0/16 113.53.0.0/17 114.131.0.0/16 115.87.128.0/17 117.47.0.0/16 118.172.0.0/14 122.154.0.0/15 123.242.128.0/18 124.120.0.0/16 124.121.0.0/16 124.122.0.0/16 125.25.0.0/19 171.97.128.0/17 202.28.0.0/15 202.44.135.0/24 202.133.128.0/18 202.142.192.0/19 202.143.128.0/18 203.107.142.0/24 203.113.0.0/17 203.130.149.0/24 203.144.128.0/17 203.146.0.0/16 203.148.128.0/17 203.149.0.0/18 203.150.128.0/17 203.151.38.0/24 203.155.0.0/16 203.158.96.0/19 203.158.128.0/17 203.170.193.0/24 203.172.128.0/17 203.185.128.0/19 210.213.0.0/18 222.123.0.0/16 223.205.0.0/16 223.207.0.0/16
# Vietnam (VN)
deny from 1.52.112.0/20 27.64.0.0/12 42.112.0.0/13 58.186.0.0/15 112.78.0.0/20 112.197.0.0/16 112.213.80.0/20 113.22.0.0/16 113.23.0.0/17 113.160.0.0/11 115.72.0.0/13 115.84.176.0/22 116.96.0.0/12 117.0.0.0/13 118.68.0.0/14 123.16.0.0/12 125.234.0.0/15 171.224.0.0/11 175.100.64.0/20 180.93.0.0/16 183.80.0.0/16 183.81.0.0/17 183.91.0.0/19 202.78.227.0/24 203.113.128.0/18 203.162.0.0/16 203.210.192.0/18 210.211.96.0/19 210.245.80.0/20 220.231.124.0/22 222.252.0.0/14
# end Chinese-Korean blocklist
# Hungary (HU)
deny from 46.107.0.0/16 94.125.176.0/22 145.236.0.0/16 193.178.119.0/24
# Poland (PL)
deny from 31.6.70.0/23 78.8.0.0/14 95.160.16.0/22
# Turkey (TR)
deny from 31.192.208.0/21 31.210.32.0/19 31.210.64.0/18 31.223.0.0/17 46.1.0.0/16 46.45.136.0/21 46.45.184.0/21 46.196.0.0/16 46.235.12.0/24 62.248.0.0/17 77.79.64.0/18 77.92.128.0/19 77.223.128.0/20 78.40.224.0/21 78.160.0.0/11 79.135.160.0/19 80.93.217.0/24 81.6.64.0/18 81.212.0.0/14 82.222.0.0/16 84.51.0.0/18 85.95.224.0/19 85.96.0.0/12 85.100.128.0/17 85.101.0.0/17 85.103.0.0/17 85.105.0.0/17 85.106.0.0/15 85.110.0.0/16 88.224.0.0/11 89.19.0.0/19 89.106.0.0/19 89.113.72.0/21 91.93.0.0/16 92.44.0.0/15 92.63.0.0/20 93.182.64.0/18 93.186.112.0/20 93.187.200.0/21 94.78.64.0/18 94.101.80.0/20 94.102.0.0/20 94.103.32.0/20 95.0.0.0/16 95.9.0.0/16 95.14.0.0/17 95.65.128.0/17 95.130.168.0/21 95.173.160.0/19 109.232.216.0/21 151.250.0.0/16 160.75.0.0/16 176.33.0.0/16 176.40.0.0/14 176.53.0.0/17 178.211.49.0/24 178.242.0.0/15 185.4.224.0/22 188.3.0.0/16 188.38.0.0/16 188.56.0.0/14 188.124.0.0/19 188.132.128.0/17 193.140.0.0/16 193.255.156.0/24 194.27.0.0/16 194.54.32.0/19 195.46.144.0/20 195.155.0.0/16 195.174.0.0/15 195.175.0.0/17 195.182.25.0/24 212.15.0.0/19 212.58.0.0/19 212.68.32.0/19 212.95.40.0/23 212.109.96.0/19 212.156.0.0/16 212.174.0.0/16 212.175.0.0/16 213.248.128.0/18 217.131.144.0/20 217.195.192.0/20
# German (DE) and Austrian (AT) ISPs used by hackers and spammers including 1&1internet DE and Schlund Customers & Partners
deny from 31.214.128.0/19 77.176.0.0/12 78.46.0.0/15 78.159.96.0/19 79.143.176.0/20 79.192.0.0/10 80.128.0.0/11 82.165.128.0/20 83.138.64.0/21 83.169.40.0/21 85.214.0.0/16 87.106.0.0/16 87.118.64.0/18 87.128.0.0/10 87.247.192.0/22 89.149.192.0/18 89.200.168.0/21 91.0.0.0/10 91.213.217.0/24 93.186.192.0/20 93.192.0.0/10 178.18.240.0/20 178.162.128.0/17 178.238.224.0/20 188.72.192.0/18 188.102.0.0/15 193.34.144.0/23 212.95.32.0/19 213.133.96.0/19 217.72.192.0/20
# Iran (IR)
deny from 2.144.0.0/15 2.176.0.0/12 5.52.0.0/16 5.234.0.0/16 37.254.0.0/16 46.100.0.0/16 46.164.64.0/18 85.185.0.0/16 86.109.32.0/19 91.241.20.0/23 95.38.0.0/16 94.101.128.0/21 94.101.176.0/20 109.122.192.0/18 178.131.0.0/16 178.157.40.0/22 178.173.128.0/17 212.80.20.0/23
# Nigerian (NG), Kenyan (KE), Ivory Coast and other African 419 Scammers IP addresses follow:
deny from 12.166.96.32/27 41.58.0.0/16 41.66.192.0/18 41.71.128.0/17 41.85.160.0/19 41.93.128.0/17 41.136.0.0/16 41.138.88.0/22 41.138.160.0/19 41.139.64.0/18 41.155.0.0/17 41.184.0.0/16 41.189.0.0/19 41.189.32.0/19 41.189.96.0/19 41.190.0.0/19 41.190.88.0/22 41.191.84.0/22 41.191.108.0/22 41.194.52.0/22 41.202.0.0/17 41.202.128.0/19 41.202.192.0/19 41.203.64.0/18 41.203.208.0/21 41.203.224.0/20 41.204.0.0/17 41.204.128.0/18 41.204.224.0/19 41.205.0.0/19 41.205.64.0/19 41.205.160.0/19 41.206.0.0/18 41.206.64.0/19 41.207.0.0/19 41.207.160.0/19 41.207.192.0/19 41.208.48.0/23 41.208.128.0/18 41.210.0.0/18 41.210.192.0/18 41.211.0.0/19 41.211.192.0/18 41.212.128.0/17 41.214.0.0/17 41.215.160.0/20 41.216.32.0/19 41.217.0.0/17 41.218.192.0/18 41.219.128.0/17 41.220.0.0/16 41.221.80.0/20 41.221.160.0/20 41.222.0.0/21 41.222.24.0/21 41.222.40.0/21 41.222.64.0/21 41.222.192.0/22 41.223.24.0/22 41.223.64.0/22 41.223.248.0/22 61.11.230.112/29 62.24.96.0/19 62.56.128.0/17 62.56.235.0/24 62.56.236.0/24 62.56.244.0/22 62.56.248.0/24 62.128.160.0/20 62.173.32.0/19 62.192.128.0/19 62.192.140.250 62.193.160.0/19 63.70.178.0/24 63.73.58.0/24 63.100.193.0/24 63.103.138.0/24 63.103.139.64/26 63.103.140.0/22 63.109.245.168/29 63.109.247.0/24 63.109.248.128/25 63.122.154.0/24 64.14.48.128/26 64.86.155.0/24 64.86.210.0/23 64.110.30.0/24 64.110.31.0/24 64.110.64.16/28 64.110.76.0/23 64.110.81.0/24 64.110.93.16/28 64.110.93.176/28 64.110.147.0/24 64.201.33.0/24 65.209.91.0/24 65.209.92.0/24 66.18.64.0/19 66.110.31.0/24 66.178.0.0/17 66.199.241.82 66.205.20.0/24 77.70.128.0/24 77.70.129.0/26 77.70.137.0/25 77.70.138.0/23 77.73.184.0/21 77.220.0.0/20 78.138.2.0/24 78.138.3.0/25 78.138.3.128/26 78.138.3.192/27 78.138.3.224/28 78.138.8.8/29 78.138.32.32/27 78.138.33.144/29 80.78.16.168/29 80.78.16.176/28 80.78.16.192/28 80.78.17.0/24 80.78.18.88/29 80.78.18.96/27 80.78.18.128/29 80.78.19.16/29 80.78.19.104/29 80.78.19.112/28 80.78.23.16/28 80.87.64.0/19 80.88.128.0/20 80.88.129.0/24 
80.88.130.0/24 80.88.131.0/24 80.88.132.0/26 80.88.132.64/27 80.88.132.104/29 80.88.132.128/26 80.88.132.192/27 80.88.132.224/28 80.88.132.240/29 80.88.133.0/25 80.88.134.0/26 80.88.134.64/29 80.88.135.0/24 80.88.136.0/24 80.88.137.0/24 80.88.138.0/25 80.88.138.128/26 80.88.138.192/27 80.88.139.0/25 80.88.139.128/26 80.88.139.192/27 80.88.139.224/28 80.88.140.0/24 80.88.141.0/25 80.88.141.128/27 80.88.142.0/24 80.88.143.128/29 80.88.144.0/23 80.88.146.0/24 80.88.147.0/24 80.88.148.0/24 80.88.149.0/25 80.88.149.128/26 80.88.149.192/28 80.88.150.0/24 80.88.151.0/24 80.88.152.0/24 80.88.153.0/24 80.88.154.32/27 80.88.154.72/29 80.88.154.80/29 80.88.154.96/28 80.88.155.0/25 80.88.155.128/27 80.88.155.160/29 80.89.176.0/24 80.179.102.0/24 80.179.107.64/27 80.179.107.224/29 80.179.128.0/17 80.231.4.0/23 80.240.192.0/20 80.247.136.0/24 80.247.137.0/24 80.247.141.32/27 80.247.141.64/26 80.247.141.128/25 80.247.142.0/24 80.247.147.16/28 80.247.147.32/29 80.247.147.64/27 80.247.147.96/28 80.247.151.0/24 80.247.153.0/24 80.247.156.0/26 80.247.156.128/28 80.247.157.0/24 80.247.159.0/24 80.248.0.0/20 80.248.64.0/20 80.250.32.0/20 80.255.40.48/28 80.255.40.96/29 80.255.40.112/28 80.255.40.128/28 80.255.40.192/28 80.255.40.224/27 80.255.40.240/28 80.255.41.160/28 80.255.43.0/24 80.255.46.0/29 80.255.46.16/28 80.255.46.64/29 80.255.58.160/27 80.255.58.192/26 80.255.59.19 80.255.59.232/29 80.255.59.240/29 80.255.61.0/25 81.18.32.0/20 81.18.40.0/24 81.18.42.0/24 81.23.194.0/27 81.23.194.64/27 81.23.194.128/25 81.23.195.0/24 81.23.196.0/25 81.23.196.128/29 81.23.200.0/21 81.24.0.0/20 81.91.224.0/20 81.199.0.0/16 82.128.0.0/17 82.206.136.0/24 83.137.59.8/29 83.137.61.0/24 83.138.167.40/29 83.143.8.0/22 83.229.0.0/17 84.254.188.3 84.254.128.0/18 155.239.0.0/16 192.116.64.0/18 192.116.128.0/18 192.116.152.0/21 192.118.71.0/24 193.93.96.0/22 193.95.0.0/17 193.110.2.0/23 193.189.0.0/18 193.189.64.0/23 193.189.128.0/24 193.194.64.0/19 193.219.192.0/18 193.220.0.0/16 193.220.26.0/24 
193.220.30.0/26 193.220.30.64/27 193.220.31.0/26 193.220.31.64/27 193.220.45.0/25 193.220.47.0/25 193.220.77.0/26 193.220.187.0/26 193.220.187.128/27 194.200.0.0/14 195.8.22.0/24 195.10.109.192/26 195.24.192.0/19 195.44.168.0/21 195.44.176.0/21 195.137.13.0/24 195.137.14.0/24 195.166.224.0/19 195.214.240.0/21 195.219.176.0/24 195.225.62.0/23 195.245.108.0/23 196.0.0.0/16 196.1.176.0/20 196.3.60.0/22 196.3.180.0/22 196.12.12.0/22 196.20.0.0/19 196.29.96.0/19 196.29.216.0/21 196.29.224.0/20 196.44.96.0/19 196.45.192.0/18 196.46.240.0/21 196.128.0.0/10 196.192.0.0/12 196.208.0.0/14 196.212.0.0/14 196.216.64.0/19 196.220.0.0/19 197.242.96.0/19 197.251.128.0/17 198.54.0.0/16 204.16.124.0/22 204.118.170.0/24 206.82.128.0/20 206.113.97.0/24 208.70.0.0/21 208.78.56.0/21 209.88.163.0/24 209.101.84.0/24 209.159.160.0/20 209.198.240.0/23 209.198.242.16/28 209.198.242.96/29 209.198.242.104/30 209.198.242.108/31 209.198.242.128/27 209.198.246.240/28 212.49.64.0/19 212.52.128.0/19 212.60.64.0/19 212.85.192.0/19 212.96.0.0/19 212.100.64.0/19 212.165.128.0/17 212.165.132.64/27 212.165.135.0/24 212.165.140.16/29 212.165.140.64/26 212.165.140.128/25 212.165.141.0/24 212.165.147.0/26 212.165.147.128/26 212.165.183.0/24 212.199.108.0/24 212.199.251.0/24 212.247.93.0/24 213.136.96.0/19 213.140.62.0/23 213.150.192.0/23 213.154.64.0/19 213.166.160.0/19 213.181.64.0/19 213.185.96.0/21 213.185.106.0/24 213.185.112.0/24 213.185.113.0/26 213.185.113.64/27 213.185.113.96/27 213.185.118.160/27 213.185.118.192/26 213.185.124.0/24 213.187.135.0/24 213.187.145.0/24 213.211.128.0/18 213.211.188.0/24 213.232.96.0/24 213.255.193.0/24 213.255.194.0/24 213.255.195.0/24 213.255.198.0/24 213.255.199.0/24 216.72.104.0/21 216.74.187.0/24 216.118.252.0/24 216.118.253.0/24 216.118.254.0/24 216.129.147.128/28 216.129.159.0/24 216.133.174.0/24 216.139.160.0/19 216.147.132.144/28 216.147.132.160/28 216.147.134.0/24 216.147.159.0/24 216.185.79.0/24 216.236.200.96/28 216.236.202.96/28 216.236.205.0/24 
216.236.222.128/26 216.250.195.0/27 216.250.195.64/26 216.250.221.0/24 216.250.222.0/24 216.252.176.0/24 216.252.177.0/24 216.252.231.0/25 216.252.245.0/24 217.10.163.128/26 217.10.163.192/27 217.10.163.224/27 217.10.166.0/26 217.10.166.64/28 217.10.169.0/24 217.10.170.0/24 217.10.171.0/24 217.10.173.0/26 217.10.182.0/27 217.10.184.0/24 217.14.80.0/20 217.15.124.0/25 217.20.240.0/20 217.20.241.0/25 217.20.241.128/29 217.20.241.136/29 217.20.241.144/28 217.20.241.160/29 217.20.241.168/29 217.20.241.176/29 217.20.241.184/29 217.20.241.192/29 217.20.241.200/29 217.20.241.208/29 217.20.242.0/24 217.20.243.16/28 217.20.243.32/27 217.21.64.0/19 217.21.112.0/20 217.78.64.0/20 217.117.0.0/20 217.146.3.144/28 217.146.3.160/28 217.146.3.176/29 217.146.3.224/27 217.146.4.64/26 217.146.5.0/24 217.146.6.0/25 217.146.6.160/27 217.146.7.0/24 217.146.8.0/25 217.146.9.0/24 217.146.10.128/25 217.146.11.0/25 217.146.12.0/24 217.146.13.0/24 217.146.14.0/25 217.146.15.0/25 217.146.16.0/27 217.146.16.32/29 217.168.112.0/20 217.194.140.0/22 217.194.144.0/20 217.199.144.0/20 217.212.242.0/23
# South African ISPs (ZA), used by Nigerian 419 and lottery scammers
deny from 41.0.0.0/16 41.14.0.0/16 41.17.0.0/16 41.18.0.0/15 41.26.0.0/15 41.28.0.0/15 41.30.0.0/15 41.54.0.0/15 41.56.0.0/16 41.112.0.0/12 41.132.0.0/14 41.160.0.0/12 41.213.0.0/17 41.132.0.0/14 41.146.0.0/16 41.240.0.0/16 41.241.0.0/16 41.242.0.0/16 41.243.0.0/16 41.244.0.0/16 41.245.0.0/16 41.246.0.0/16 105.224.0.0/14 165.143.0.0/16 165.144.0.0/14 165.148.0.0/15 196.2.112.0/21 196.7.128.0/19 196.34.0.0/15 196.36.0.0/14 196.210.0.0/16 196.215.0.0/16 197.168.0.0/14
# Added Goldenlines.net.il (Israel) because of Open Proxies and satellite services used by Nigerian scammers
deny from 80.179.244.0/24
# Algeria (DZ)
deny from 41.97.0.0/16 41.200.0.0/15
# Mauritius (MU)
deny from 197.224.0.0/14
# Morocco (MA)
deny from 41.140.0.0/14 41.248.0.0/14
# Tanzania (TZ)
deny from 196.43.64.0/19
# Freenet in Germany (DE) (freenet.de); Used as spam relay by many Nigerian scammers
# Narrow band used by recent scammers:
deny from 195.4.92.0/23
# Full Freenet.de CIDR:
deny from 195.4.0.0/16
# ISPs in Spain (ES), France (FR) and Italy (IT), used by many ex-patriot Nigerian lottery and 419 scammers
deny from 62.42.0.0/16 77.211.0.0/16 79.174.192.0/18 80.12.242.0/24 80.24.0.0/16 80.25.0.0/16 80.36.0.0/14 81.34.0.0/16 81.45.0.0/16 81.51.0.0/16 81.202.0.0/15 81.208.0.0/18 82.63.128.0/18 82.90.0.0/15 82.194.64.0/19 82.196.0.0/19 83.54.0.0/16 84.120.0.0/13 85.39.0.0/16 85.91.64.0/19 85.235.128.0/19 88.0.0.0/11 88.202.124.0/27 89.141.0.0/17 90.43.172.0/24 90.160.0.0/12 91.142.208.0/20 93.32.0.0/11 147.83.0.0/16 147.96.0.0/16 193.252.22.0/24 195.53.0.0/16 195.55.0.0/16 212.121.224.0/19 213.4.0.0/16 213.60.0.0/16 213.194.128.0/18 213.194.144.0/20 213.244.0.0/20 217.108.0.0/16
# Add other blocked domain names or IP addresses here, starting with "deny from " without quotes
# If you find that you need to poke a hole in the blocklist for legitimate visitors, follow this example: allow from 123.456.789.0 (a placeholder, not a valid IPv4 address; substitute the real address or CIDR range)
# Add "allow from" IP addresses, or CIDR Ranges, after all of the "deny from" items, just before the closing Files tag.
# Everything not included within these deny from ranges is PERMITTED by the allow portion of the directive.
</Files>