Denying and allowing access to your website can be accomplished very easily with .htaccess. In order to block an IP address you would use the following command within your .htaccess file:
deny from 000.000.000.000
Replace 000.000.000.000
with the IP address you wish to block. If you only specify one or two groups of the numbers you will block a whole range of IP’s.
You can also use .htaccess to deny everyone access to a directory except for scripts. For example lets say that you have all your database passwords and configuration files in a folder called configs. You want to be able to include the files inside that folder using PHP in most of your webpages, but you don’t want them to be accessible via the internet. In order to accomplish this you would create a new .htaccess file and place it into the configs folder and place the following command into it:
deny from all
This would prevent that directory from being publicly accessible, however PHP will still be able to use it freely.
Furthermore instead of using numeric addresses, domain names (and subdomain names) can also be used to ban users. For example:
deny from myisp.com
This bans users with a remote hostname ending in myisp.com. This would stop all users connected to the internet via myisp.com from viewing your site.
Take note that using .htaccess to block an entire range or name is likely to lock out innocent users. Please use with caution.