An .htaccess
file can be used for firewall configuration and other purposes. In this quick tutorial, we will discuss how to convert an IPinfo database’s IP ranges into a .htaccess
file, which can be used to deny access to IP address ranges mentioned in the database.
For this example, we are going to use the IP to Privacy Detection Data Downloads.
Step 0: Prerequisites:
- Bash-based terminal and some terminal applications:
gunzip
,cut
,tail
. - IPinfo CLI: https://github.com/ipinfo/cli
- IPinfo IP database downloads
Step 1: Download and Unzip the CSV dataset
For this operation, you would need to download and unzip the .csv
format database of the IP data downloads. After downloading the IP to Privacy Detection Database, unzip it. You can use gunzip
.
gunzip -c standard_privacy.csv.gz > standard_privacy.csv
The unzipped CSV plaintext database will be stored as standard_privacy.csv
.
Step 2: Convert the IP range to CIDR using the range2cidr
command on the CLI
For this step, you need to install the IPinfo CLI. After installation, you have to use the range2cidr
command that converts the start_ip
and end_ip
columns to the cidr
column.
ipinfo range2cidr standard_privacy.csv > standard_privacy_cidr.csv
Before the CIDR conversion: standard_privacy.csv
start_ip | end_ip | join_key | hosting | proxy | tor | vpn | relay | service |
---|---|---|---|---|---|---|---|---|
1.0.0.0 | 1.0.0.0 | 1.0.0.0 | true | |||||
1.0.0.1 | 1.0.0.2 | 1.0.0.0 | true | true | ||||
1.0.0.3 | 1.0.0.255 | 1.0.0.0 | true | |||||
1.0.103.183 | 1.0.103.183 | 1.0.0.0 | true | true |
After the CIDR conversion: standard_privacy_cidr.csv
cidr | join_key | hosting | proxy | tor | vpn | relay | service |
---|---|---|---|---|---|---|---|
1.0.0.0/32 | 1.0.0.0 | true | |||||
1.0.0.1/32 | 1.0.0.0 | true | true | ||||
1.0.0.2/32 | 1.0.0.0 | true | true | ||||
1.0.0.3/32 | 1.0.0.0 | true |
Step 3: Extracting the CIDR column values
Now, you need to extract the column containing the CIDR equivalent value of the IP ranges from the standard_privacy_cidr.csv
dataset. You can use a combination of the tail
and cut
commands for that. The tail
command will skip the header, and the cut
command will extract the first column from the standard_privacy_cidr.csv
file.
The extracted CIDR values will be stored in the text file: cidrs.txt
tail -n +2 standard_privacy_cidr.csv | cut -d',' -f1 > cidrs.txt
Extracted CIDR values: cidrs.txt
1.0.0.0/32
1.0.0.1/32
1.0.0.2/32
1.0.0.3/32
1.0.0.4/30
Step 4: Create the .htaccess
file using a bash script
Then, you can use the following bash script to create the .htaccess
configuration file. Create the htaccess_ipinfo.sh
file like so:
#!/bin/bash
# Output file
htaccess_file=".htaccess"
# Read the input file name from stdin
read -p "Enter the file name containing CIDRs: " input_file
# Check if the input file exists
if [ ! -e "$input_file" ]; then
echo "Error: Input file '$input_file' not found."
exit 1
fi
# Check if the output file already exists and delete it
if [ -e "$htaccess_file" ]; then
rm "$htaccess_file"
fi
# Loop through the CIDR list and append deny rules to the file
while IFS= read -r cidr; do
echo "Deny from $cidr" >> "$htaccess_file"
done < "$input_file"
echo "Order allow,deny" >> "$htaccess_file"
echo "Allow from all" >> "$htaccess_file"
echo "Rules added to $htaccess_file"
Input: The script will request the name of the file containing CIDR values of the IP range. Pass the cidr.txt
as an input here.
Output: After the script finishes running, you will find a .htaccess
file containing the configuration information.
Running the script:
ipinfo → create_htaccess_file $ ./htaccess_ipinfo.sh
Enter the file name containing CIDRs: cidrs.txt
Rules added to .htaccess
ipinfo → create_htaccess_file $ cat .htaccess
Deny from 1.0.0.0/32
Deny from 1.0.0.1/32
Deny from 1.0.0.2/32
Deny from 1.0.0.3/32
Deny from 1.0.0.4/30
Deny from 1.0.0.8/29
Deny from 1.0.0.16/28
Deny from 1.0.0.32/27
Deny from 1.0.0.64/26
Order allow,deny
Allow from all
The
.htaccess
file: .htaccess
Deny from 1.0.0.0/32
Deny from 1.0.0.1/32
Deny from 1.0.0.2/32
Deny from 1.0.0.3/32
Deny from 1.0.0.4/30
Deny from 1.0.0.8/29
Deny from 1.0.0.16/28
Deny from 1.0.0.32/27
Deny from 1.0.0.64/26
Order allow,deny
Allow from all
Please remember that the IPinfo IP data downloads contain hundreds of thousands, or even millions, of rows, so this operation will take some time.