mod_hosts_access This is a DSO (dynamically shared object) module for the Apache webserver that uses libwrap (TCP Wrapper) to check if the connecting hosts is allowed. This system works well with dynamic blocking scripts, such as DenyHosts, and configfile distribution systems, such as Cfengine. Especially if other blocking methods differ between hosts at a site (e.g. kernel-level firewalling means). At an appropriate place (i.e. where other modules are loaded similarly), add to /etc/httpd/httpd.conf following line: LoadModule hosts_access_module lib/httpd/modules/mod_hosts_access.so The /etc/hosts.{allow,deny} access control checking for the "httpd" service can now be enabled or disabled on a per directory basis, by adding HostsAccess directive to its declaration, e.g. again in /etc/httpd/httpd.conf: # First, we configure the "default" to be a very restrictive set of # permissions. # # # HostsAccess On # Options FollowSymLinks # AllowOverride None # To test, restart apache for it to load the module; edit /etc/hosts.allow adding a line like the following: httpd: localhost: deny Access from 'localhost' (127.0.0.1) should now be disallowed, thus requesting the index page should fail, to verify try: lynx -dump localhost The same can be done in a .htaccess file if AllowOverride Limit has been set.