I have researched all the published advice on the topic, but so far nothing seems to work. I want to ban IPs in .htaccess. But I am on a shared server without mod_cloudflare. I need to be able to access the origin IPs rather than the proxy ones.
This was my best effort, but it didn’t work:
SetEnvIf HTTP_CF_CONNECTING_IP (^184.108.40.206) bad_bot
SetEnvIf HTTP_CF_CONNECTING_IP (^456.456.456.456) bad_bot
Require all Granted
Require not env bad_bot
I don’t have any trouble getting the CF_CONNECTING_IP in php, but I would rather use .htaccess.
Something wrong with the syntax? Any other ideas?