IP address blocking

From Wikipedia, the free encyclopedia
  (Redirected from IP blocking)
Jump to: navigation, search
For Wikipedia's use of IP address blocking, see Wikipedia:Blocking IP addresses.

IP address blocking is a block set up by a server or website that blocks requests originating from particular IP addresses or ranges of addresses. An IP address block can be applied by a website, mail server, or other Internet server.

Unix-like operating systems commonly implement IP address blocking using TCP Wrapper, configured by host access control files[1] /etc/hosts.deny and /etc/hosts.allow.

IP address blocking is commonly used to protect against brute force attacks. Both companies and schools offering remote user access use Linux programs such as DenyHosts or Fail2ban for protection from unauthorized access while allowing permitted remote access. This is also useful for people who want to remotely access their computers. It is also used for Internet censorship.

On a website, an IP address block can prevent a disruptive member from access, though a warning and/or account block may be used first. Dynamic allocation of IP addresses by ISPs can complicate incoming IP address blocking, rendering it difficult to block a specific user without blocking a larger number of IP addresses (blocks of IP address ranges), thereby risking collateral damage caused by ISPs sharing IP addresses of multiple Internet users.

IP address blocking of the Showtime website for non-US origins

IP address blocking can also be used to restrict access to or from a particular geographic area—for example, the syndication of content to a specific region. To achieve this, IP addresses are mapped to the countries they have been assigned to. This has been used for example to target Nigerian IP addresses due to the perception that all business originating from the country is fraudulent, thus making it extremely difficult for legitimate businesses based in the country to interact with their counterparts in the rest of the world. To make purchases abroad, Nigerians must rely on proxy servers to disguise the true origin of a Internet request.[citation needed]

Bypassing an IP address block[edit]

Proxy servers can be used to bypass an IP address block[2] but a website may implement anti-proxy strategies.

In a 2013 United States court ruling on Craigslist v. 3Taps, US federal judge Charles R. Breyer held that circumventing an IP block in order to access a website (for example using anoynymous proxies) is a violation of CFAA, punishable by civil damages for "unauthorized access".[3]

See also[edit]


  1. ^ HOSTS_ACCESS(5) FreeBSD man page. Wietse Venema.
  2. ^ Eckersley, Peter. "Six Tips to Protect Your Search Privacy". Electronic Freedom Foundation. Retrieved 17 April 2014. 
  3. ^ "IP Cloaking Violates Computer Fraud and Abuse Act, Judge Rules". WIRED. 20 August 2013. 

External links[edit]