# How to block IP addresses via an .htaccess file > Use a .htaccess file to block specific IP addresses from accessing your site or restrict a folder to approved IPs only. Source: https://www.kualo.com/knowledgebase/dev-server/how-to-block-ips-via-an-htaccess-file Updated: 2026-06-04 --- You can quickly block IP addresses from accessing your site or a specific folder by adding a few lines to a `.htaccess` file. No server-level access is needed - the file sits alongside your content and Apache applies the rules automatically. ## Finding or creating your .htaccess file The `.` prefix makes `.htaccess` a hidden file, so you will need to enable hidden file visibility before you can see or create it. - In cPanel File Manager, click **Settings** and tick **Show Hidden Files**. - In an FTP client, enable the option to show dotfiles (sometimes labelled "show hidden files" or "show server hidden files"). If a `.htaccess` file does not already exist in the target folder, create a new plain-text file and name it `.htaccess`. - To apply rules to your **entire site**, place the file in `public_html`. - To apply rules to a **specific folder**, place the file inside that folder. For example, to restrict `https://example.com/dev`, place the file in `public_html/dev`. ## Blocking specific IP addresses Add the following to your `.htaccess` file, replacing the example addresses with the IPs you want to block: ```apache Order allow,deny Deny from 203.0.113.0 Deny from 198.51.100.42 Allow from all ``` This allows everyone except the listed IPs. To block additional addresses, add more `Deny from` lines before `Allow from all`. ## Allowing only specific IP addresses If you want to restrict a folder so that only you or your developers can access it, reverse the logic: ```apache Order allow,deny Allow from 203.0.113.10 Allow from 198.51.100.5 Deny from all ``` Only the listed IPs will be permitted; everyone else receives a 403 Forbidden response. :::tip You can allow or deny an entire subnet by specifying a partial address, for example `Deny from 203.0.113` blocks all IPs in the `203.0.113.0/24` range. ::: :::info The `Order allow,deny` / `Deny from` / `Allow from` directives are part of the legacy `mod_access_compat` module. They work on Apache servers but if you are running a newer Apache 2.4 configuration you may prefer the `Require` directive instead. Check with Kualo support if you are unsure which applies to your hosting environment. ::: --- _Source: Kualo Knowledgebase — https://www.kualo.com/knowledgebase/dev-server/how-to-block-ips-via-an-htaccess-file · © Kualo Ltd._