How to Block Amazon AWS Traffic

If you need to block traffic originating from Amazon AWS IP ranges, you can use the methods below. Amazon publishes their IP ranges publicly, which makes it possible to generate .htaccess deny rules automatically.

These commands are run via SSH on your hosting account.

List all AWS IP ranges

curl -sf https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[].ip_prefix'

Generate .htaccess deny rules

To output deny statements you can add to your .htaccess file:

curl -sf https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[].ip_prefix' | awk '{print "deny from " $0}'

Append deny rules directly to .htaccess

To add the deny rules directly to your existing .htaccess file:

curl -sf https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[].ip_prefix' | awk '{print "deny from " $0}' >> .htaccess

Complete .htaccess blocking solution

To create a complete block that allows all traffic except AWS:

echo "order allow,deny" >> .htaccess
echo "allow from all" >> .htaccess
curl -sf https://ip-ranges.amazonaws.com/ip-ranges.json | jq -r '.prefixes[].ip_prefix' | awk '{print "deny from " $0}' >> .htaccess

Caution

Amazon regularly updates their IP ranges. Any block list you generate will become outdated over time. You may need to regenerate the rules periodically to maintain coverage.