# IP Blocker

> Deny incoming traffic from a single IP, a CIDR range, an IP range using dashes, or an entire country. Stays in effect until you remove the rule.

The IP Blocker writes `Deny from <address>` rules into your `.htaccess` for you. The block applies to HTTP and HTTPS traffic for every domain on the account.

Open it from cPanel home → **Security** → **IP Blocker**.

<Frame caption="IP Blocker form and the list of currently blocked addresses">
  <img src="https://mintlify.s3.us-west-1.amazonaws.com/noxity/images/cpanel/security-settings/ip-blocker/listing-light.png" alt="IP Blocker page with the entry form and active block list" className="block dark:hidden" />

  <img src="https://mintlify.s3.us-west-1.amazonaws.com/noxity/images/cpanel/security-settings/ip-blocker/listing-dark.png" alt="IP Blocker page with the entry form and active block list" className="hidden dark:block" />
</Frame>

## What you can put in the box

The form accepts a few notations. Mix and match as needed.

| Format          | Example                    | Meaning                                                                                                 |
| --------------- | -------------------------- | ------------------------------------------------------------------------------------------------------- |
| Single IPv4     | `203.0.113.5`              | One address                                                                                             |
| Single IPv6     | `2001:db8::1`              | One IPv6 address                                                                                        |
| Range (dash)    | `203.0.113.5-203.0.113.50` | All addresses in that range                                                                             |
| Range (implied) | `203.0.113.5-50`           | Same range, shorthand                                                                                   |
| CIDR            | `203.0.113.0/24`           | A whole `/24` (256 addresses)                                                                           |
| Implied IP      | `203.0.113.`               | Every address starting with `203.0.113.`                                                                |
| Hostname        | `bot.example.com`          | Resolved to an IP at block time, blocked once. If the hostname's IP changes, the block does not follow. |
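Before adding a rule, it helps to confirm that none of the addresses you administer from fall inside it. The check below is an added example, not cPanel's own validation code: it expands each notation according to the "Meaning" column above using Python's standard `ipaddress` module. The function names and sample addresses are constructed for illustration, and hostnames are rejected because resolving them needs a DNS lookup.

```python
import ipaddress

def expand(entry):
    """Expand one IP Blocker entry into the networks it covers."""
    entry = entry.strip()
    if "/" in entry:                      # CIDR, e.g. 203.0.113.0/24
        return [ipaddress.ip_network(entry, strict=False)]
    if "-" in entry:                      # dash range (IPv4 only in this sketch)
        first, last = entry.split("-", 1)
        if "." not in last:               # implied range: 203.0.113.5-50
            last = first.rsplit(".", 1)[0] + "." + last
        start, end = ipaddress.IPv4Address(first), ipaddress.IPv4Address(last)
        if end < start:
            raise ValueError(f"range runs backwards: {entry}")
        return list(ipaddress.summarize_address_range(start, end))
    if entry.endswith("."):               # implied IP: 203.0.113.
        octets = entry[:-1].split(".")
        if not 1 <= len(octets) <= 3:
            raise ValueError(f"bad implied IP: {entry}")
        base = ".".join(octets + ["0"] * (4 - len(octets)))
        return [ipaddress.ip_network(f"{base}/{8 * len(octets)}")]
    # Single IPv4 or IPv6 literal. Hostnames raise ValueError here: they need
    # a DNS lookup, which this offline check deliberately does not perform.
    return [ipaddress.ip_network(entry)]

def covers(entry, address):
    """True if the entry, once expanded, contains the given address."""
    ip = ipaddress.ip_address(address)
    return any(ip in net for net in expand(entry))

def lockout_hits(entries, own_addresses):
    """Return (entry, address) pairs where a planned block hits one of your own IPs."""
    return [(e, a) for e in entries for a in own_addresses if covers(e, a)]

# Constructed sample: rules you plan to add, and addresses you log in from.
PLANNED = ["203.0.113.5-50", "198.51.100.", "2001:db8::1", "192.0.2.0/24"]
OWN = ["203.0.113.42", "198.51.100.200", "2001:db8::2", "203.0.113.51"]

if __name__ == "__main__":
    for entry, addr in lockout_hits(PLANNED, OWN):
        print(f"{entry} would block your own address {addr}")
```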

## Block an IP

<Steps>
  <Step title="Type the IP, range, or CIDR">
    Use any of the formats above. cPanel validates the format before accepting it.
  </Step>

  <Step title="Click Add">
    The block is in effect immediately. Anyone hitting your site from a blocked address gets a `403 Forbidden`.
  </Step>
</Steps>

## Remove a block

The list at the bottom of the page shows every active block with a **Delete** action. Click it. The matching `Deny` line is stripped from `.htaccess` and the block lifts within seconds.

## Block a country

The IP Blocker doesn't have a country picker. Two ways to do it anyway:

* **Cloudflare WAF.** If your domain runs through Cloudflare proxy (orange cloud), use **Security → WAF → Custom rules** with `ip.src.country eq "RU"` (replace as needed). Far less invasive than blocking thousands of IPs at the origin.
* **Pre-computed CIDR list.** Fetch the country's IP ranges from a list like [ipdeny.com](https://www.ipdeny.com/ipblocks/) or [ipinfo.io](https://ipinfo.io). Paste them one CIDR at a time, or open a ticket and we'll script the bulk add for you.

The `.htaccess` approach gets unwieldy fast: a country block can be tens of thousands of CIDRs, which slows every request. Cloudflare or a server-level firewall is almost always the better fit.
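To see how large a pre-computed list really is before pasting it, collapse duplicate, overlapping and adjacent CIDRs and count what remains. This is an added example, not the script support runs: the function name and the sample list are constructed, and the IPv4 `/16` threshold is the one this page gives under "Common issues".

```python
import ipaddress

LARGEST_IPV4_PREFIX = 16  # this page's advice: stick to /16 or smaller

def plan_country_block(cidr_lines):
    """Collapse a CIDR list. Returns (rules, oversized, skipped)."""
    nets = {4: [], 6: []}
    skipped = []
    for raw in cidr_lines:
        line = raw.split("#", 1)[0].strip()   # allow comments and blank lines
        if not line:
            continue
        try:
            net = ipaddress.ip_network(line, strict=False)
        except ValueError:
            skipped.append(line)               # keep for manual review
            continue
        nets[net.version].append(net)
    rules = []
    for version in (4, 6):                     # collapse_addresses rejects mixed versions
        rules.extend(ipaddress.collapse_addresses(nets[version]))
    oversized = [n for n in rules
                 if n.version == 4 and n.prefixlen < LARGEST_IPV4_PREFIX]
    return rules, oversized, skipped

# Constructed sample list, in the one-CIDR-per-line shape such lists use.
SAMPLE = [
    "198.51.100.0/25   # two adjacent halves of one /24",
    "198.51.100.128/25",
    "203.0.113.0/24",
    "203.0.113.64/26   # already inside the /24 above",
    "192.0.2.0/24",
    "192.0.2.0/24      # duplicate",
    "10.0.0.0/8        # broader than /16",
    "2001:db8::/33",
    "2001:db8:8000::/33",
    "not-a-cidr",
]

if __name__ == "__main__":
    rules, oversized, skipped = plan_country_block(SAMPLE)
    print(f"{len(rules)} rules after collapsing")
    for net in rules:
        print(f"Deny from {net}")
    print("broader than /16:", [str(n) for n in oversized])
    print("could not parse:", skipped)
```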

## What the IP Blocker does *not* do

* It doesn't stop SSH or FTP. Those run on their own ports and the `.htaccess` deny rules don't apply. Block at the firewall via [Imunify360](/web-hosting/cpanel/security-settings/imunify360/overview) or open a ticket for an iptables rule.
* It doesn't stop a determined attacker rotating IPs. A single attacker on a botnet can use thousands of addresses. Layered defense (ModSecurity, Imunify360, Cloudflare) catches the pattern instead.
* It doesn't auto-unblock. There's no time limit. If you blocked your office's IP by mistake, log in to cPanel from elsewhere and remove it.

## Common issues

<AccordionGroup>
  <Accordion title="I blocked my own IP">
    Log in to cPanel from a different network (4G hotspot, public Wi-Fi, a VPN to a different country). Remove the block. Or open a support ticket; we can lift it server-side.
  </Accordion>

  <Accordion title="The block is in the list but the visitor still gets through">
    Cloudflare proxy hides the visitor's real IP, so your origin sees Cloudflare's edge IP instead. Either disable proxy on the domain, or block the visitor at Cloudflare's WAF where the real IP is visible.
  </Accordion>

  <Accordion title="I need to block a moving target (botnet, scraper)">
    The IP Blocker is the wrong tool. Imunify360 catches and bans patterns automatically; ModSecurity rules can match on User-Agent or path. For an active attack, open a ticket.
  </Accordion>

  <Accordion title="A range I added doesn't seem to work">
    cPanel writes the rule with `Deny from <range>` syntax that Apache understands. If the range is huge (a `/8` or larger), Apache can be slow or refuse to parse it. Stick to `/16` or smaller; for bigger blocks, use Cloudflare or a firewall rule.
  </Accordion>
</AccordionGroup>

## Need a hand?

<CardGroup cols={2}>
  <Card title="Open a ticket" icon="life-ring" href="https://members.noxity.io/submitticket.php">
    Best for anything that needs an account check or a config change on our end.
  </Card>

  <Card title="Live chat" icon="messages" href="https://noxity.io/contact">
    Faster for quick questions during business hours.
  </Card>
</CardGroup>
