Creating a htaccess file from the IPinfo IP database

An .htaccess file can be used for firewall configuration and other purposes. In this quick tutorial, we will discuss how to convert an IPinfo database’s IP ranges into a .htaccess file, which can be used to deny access to IP address ranges mentioned in the database.

For this example, we are going to use the IP to Privacy Detection Data Downloads.

Step 0: Prerequisites:

• Bash-based terminal and some terminal applications: gunzip, cut, tail.
• IPinfo CLI: https://github.com/ipinfo/cli
• IPinfo IP database downloads

Step 1: Download and Unzip the CSV dataset

For this operation, you would need to download and unzip the .csv format database of the IP data downloads. After downloading the IP to Privacy Detection Database, unzip it. You can use gunzip.

gunzip -c standard_privacy.csv.gz > standard_privacy.csv

The unzipped CSV plaintext database will be stored as standard_privacy.csv.

Step 2: Convert the IP range to CIDR using the range2cidr command on the CLI

For this step, you need to install the IPinfo CLI. After installation, you have to use the range2cidr command that converts the start_ip and end_ip columns to the cidr column.

ipinfo range2cidr standard_privacy.csv > standard_privacy_cidr.csv

Before the CIDR conversion: standard_privacy.csv

After the CIDR conversion: standard_privacy_cidr.csv

Step 3: Extracting the CIDR column values

Now, you need to extract the column containing the CIDR equivalent value of the IP ranges from the standard_privacy_cidr.csv dataset. You can use a combination of the tail and cut commands for that. The tail command will skip the header, and the cut command will extract the first column from the standard_privacy_cidr.csv file.

The extracted CIDR values will be stored in the text file: cidrs.txt

tail -n +2 standard_privacy_cidr.csv | cut -d',' -f1 > cidrs.txt

Extracted CIDR values: cidrs.txt

1.0.0.0/32
1.0.0.1/32
1.0.0.2/32
1.0.0.3/32
1.0.0.4/30

Step 4: Create the .htaccess file using a bash script

Then, you can use the following bash script to create the .htaccess configuration file. Create the htaccess_ipinfo.sh file like so:

#!/bin/bash

# Output file
htaccess_file=".htaccess"

# Read the input file name from stdin
read -p "Enter the file name containing CIDRs: " input_file

# Check if the input file exists
if [ ! -e "$input_file" ]; then
    echo "Error: Input file '$input_file' not found."
    exit 1
fi

# Check if the output file already exists and delete it
if [ -e "$htaccess_file" ]; then
    rm "$htaccess_file"
fi

# Loop through the CIDR list and append deny rules to the file
while IFS= read -r cidr; do
    echo "Deny from $cidr" >> "$htaccess_file"
done < "$input_file"

echo "Order allow,deny" >> "$htaccess_file"
echo "Allow from all" >> "$htaccess_file"

echo "Rules added to $htaccess_file"

Input: The script will request the name of the file containing CIDR values of the IP range. Pass the cidr.txt as an input here.

Output: After the script finishes running, you will find a .htaccess file containing the configuration information.

Running the script:

ipinfo → create_htaccess_file $ ./htaccess_ipinfo.sh
Enter the file name containing CIDRs: cidrs.txt
Rules added to .htaccess

ipinfo → create_htaccess_file $ cat .htaccess
Deny from 1.0.0.0/32
Deny from 1.0.0.1/32
Deny from 1.0.0.2/32
Deny from 1.0.0.3/32
Deny from 1.0.0.4/30
Deny from 1.0.0.8/29
Deny from 1.0.0.16/28
Deny from 1.0.0.32/27
Deny from 1.0.0.64/26
Order allow,deny
Allow from all

The .htaccess file: .htaccess

Deny from 1.0.0.0/32
Deny from 1.0.0.1/32
Deny from 1.0.0.2/32
Deny from 1.0.0.3/32
Deny from 1.0.0.4/30
Deny from 1.0.0.8/29
Deny from 1.0.0.16/28
Deny from 1.0.0.32/27
Deny from 1.0.0.64/26
Order allow,deny
Allow from all

Please remember that the IPinfo IP data downloads contain hundreds of thousands, or even millions, of rows, so this operation will take some time.