I read and understand how to block an IP using htaccess:
order deny,allow
deny from 111.222.33.44
deny from 55.66.77.88
...
allow from all
But my blacklist of IPs includes thousands of IPs.
I save all IPs to a blacklist.txt file.
Can I use htaccess to call blacklist.txt and block all IPs which are stored in this file? If so, how?
You can try using variations of RewriteMap. You'll need access to the server/vhost config because that directive only works there. You can then use the map inside htaccess files.
Say your blacklist.txt file looks like this:
111.222.33.44 deny
55.66.77.88 deny
192.168.0.1 allow
You can define the map like so:
RewriteEngine On
RewriteMap access txt:/path/to/blacklist.txt
Then in your htaccess, you can invoke the map:
RewriteEngine On
RewriteCond ${access:%{REMOTE_ADDR}} deny [NC]
RewriteRule ^ - [L,F]
The condition invokes the map and checks if the remote address maps to the word "deny", and if so, the rewrite rule outright forbids access.
If your blacklist.txt is only a list of IPs, and you don't want to add a "deny" after each one, you'll need to invoke a program map type and write a script, something like this:
#!/bin/bash
# Loop until Apache closes stdin instead of spinning forever on EOF;
# -r keeps read from mangling backslashes in the key.
while read -r INPUT
do
    # -F: literal match (a "." in the IP no longer matches any character)
    # -x: whole-line match (1.2.3.4 no longer matches 11.2.3.45)
    # -q: use grep's exit status instead of capturing its output
    if grep -Fxq -- "$INPUT" /path/to/blacklist.txt; then
        echo "deny"
    else
        echo "allow"
    fi
done
which loops indefinitely, reading input and grepping the blacklist.txt file. If the IP is in the file, it outputs "deny"; otherwise it outputs "allow". Then you'd create the map like so:
RewriteEngine On
RewriteMap access prg:/path/to/blacklist-lookup.sh
And the rewrite rule to check against the map would be no different.
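As an added example (not part of the answer above), here is a prg map helper in Python that does the same job as the bash script but loads the plain IP list once, also accepts CIDR networks, matches whole addresses rather than substrings, and flushes every reply, which a prg map requires. The blacklist path is the same placeholder as in the answer; the function names are mine.

```python
#!/usr/bin/env python3
"""RewriteMap prg: helper answering "deny" or "NULL" for one client IP per line."""
import ipaddress
import sys

# Placeholder path, as in the answer; one IP or CIDR per line, '#' starts a comment.
BLACKLIST_PATH = "/path/to/blacklist.txt"


def load_blacklist(lines):
    """Parse address/CIDR lines into ip_network objects, skipping comments,
    blank lines and malformed entries (one typo must not disable the map)."""
    networks = []
    for raw in lines:
        entry = raw.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            continue
    return networks


def lookup(client, networks):
    """Return "deny" if client falls inside any listed network, else "NULL".
    RewriteMap treats "NULL" as 'no match', so the RewriteCond from the answer
    (matching the word deny) works unchanged; an unparsable key fails open."""
    try:
        addr = ipaddress.ip_address(client.strip())
    except ValueError:
        return "NULL"
    return "deny" if any(addr in net for net in networks) else "NULL"


def main():
    with open(BLACKLIST_PATH) as fh:
        networks = load_blacklist(fh)
    # Apache keeps this process alive, writes one REMOTE_ADDR per line and
    # waits for exactly one reply line, so stdout must be flushed every time.
    for line in sys.stdin:
        sys.stdout.write(lookup(line, networks) + "\n")
        sys.stdout.flush()


if __name__ == "__main__":
    main()
```

On a threaded MPM the Apache documentation says to protect prg maps with the rewrite-map mutex (Mutex rewrite-map in 2.4, RewriteLock in 2.2) so concurrent lookups do not interleave their replies.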