Apache Integration

Block blacklisted IPs with Apache .htaccess or mod_rewrite. Step-by-step setup guide with code examples.

186,817 IPs 8,269 reports Free API

Quick Install

Apache 2.4+

Ubuntu

Debian

CentOS

RHEL

Run this command as root to set up automatic IP blocking in Apache:

No API key needed (500 reports/day):

curl -sL https://bl.ipwhois.net/api/apache/install | sudo bash

No curl? Use wget:

wget -qO- https://bl.ipwhois.net/api/apache/install | sudo bash

Creates RequireAll deny config, auto-enables with a2enconf (Debian/Ubuntu), sets up cron sync every 6h.

Requires: Apache 2.4+ curl Root access

How it works

The install script creates a sync script that runs every 6 hours via cron. It downloads high-confidence blacklisted IPs and generates Apache 2.4 Require not ip rules wrapped in a RequireAll block. Apache reloads automatically after each sync.

On Debian/Ubuntu it uses a2enconf to enable the config. On RHEL/CentOS the conf.d/ directory is auto-included.

Block

Apache returns 403 for blacklisted IPs before hitting your app. Free: 500 req/day, with key: 1,000/day.

Block only

Blocks at web server level. Pair with Fail2Ban to also report attacks.

Manual Setup

Step 1: Create the sync script

/usr/local/bin/ipwhois-apache-sync.sh

#!/bin/bash
API="https://bl.ipwhois.net/api/browse?format=plaintext&min_confidence=80&per=100"
BLOCK_FILE="/etc/apache2/conf-available/ipwhois-blocklist.conf"
TMP="/tmp/ipwhois-apache.tmp"

PAGE=1; COUNT=0
while true; do
    IPS=$(curl -s --max-time 15 "${API}&page=${PAGE}")
    [ -z "$IPS" ] && break
    while read -r ip; do
        [ -n "$ip" ] && echo "    Require not ip $ip" >> "$TMP" && COUNT=$((COUNT+1))
    done <<< "$IPS"
    [ $(echo "$IPS" | wc -l) -lt 100 ] && break
    PAGE=$((PAGE+1)); [ $PAGE -gt 10 ] && break
    sleep 0.5
done

if [ $COUNT -gt 0 ]; then
    {
        echo "# IPWhois.net Blacklist - $COUNT IPs - $(date)"
        echo ""
        echo "    "
        echo "        Require all granted"
        cat "$TMP"
        echo "    "
        echo ""
    } > "$BLOCK_FILE"
    rm -f "$TMP"
    apache2 -t 2>/dev/null && systemctl reload apache2 2>/dev/null
fi
echo "$(date) - $COUNT IPs" >> /var/log/ipwhois-apache.log

Step 2: Enable and set up cron

# Debian/Ubuntu
sudo chmod +x /usr/local/bin/ipwhois-apache-sync.sh
sudo a2enconf ipwhois-blocklist
echo "0 */6 * * * root /usr/local/bin/ipwhois-apache-sync.sh" | sudo tee /etc/cron.d/ipwhois-apache
sudo /usr/local/bin/ipwhois-apache-sync.sh

Alternative: .htaccess (shared hosting)

If you don't have root access, add this to your .htaccess:

# Add blacklisted IPs here (update manually or via script)
# Get list: curl -s "https://bl.ipwhois.net/api/browse?format=plaintext&min_confidence=90"

    
        Require all granted
        Require not ip 1.2.3.4
        Require not ip 5.6.7.8

Troubleshooting

403 for everyone: Check the blocklist file syntax. Run apache2 -t or httpd -t to validate.
Config not loading: On Debian/Ubuntu run a2enconf ipwhois-blocklist. On RHEL check conf.d/ is included.
Apache 2.2: Replace Require not ip with Deny from syntax. Apache 2.2 is EOL, upgrade recommended.
Behind proxy: Use mod_remoteip with RemoteIPHeader X-Forwarded-For to get real client IP.
.htaccess not working: Ensure AllowOverride All is set in your VirtualHost config.
Block + Report: Pair with Fail2Ban for both blocking and reporting.