If you have a Nginx reverse proxy in front of your Apache webserver the .htaccess format is:
# ALLOW USER BY IP
order deny,allow
SetEnvIF X-Forwarded-For "1.2.3.4" DenyIP
SetEnvIF X-Forwarded-For "10." DenyIP
Deny from env=DenyIP
You must use X-Forward or it will not work unless the reverse proxy is setup in a certain way. As you can see, just update the IP’s you want blacklisted and they will be blocked. Yes, you can do the same thing with a firewall, but webmasters don’t have control of those.
Why?
The reason I did this recently is because of a Nginx + cPanel server setup running shared hosting. When a domain gets caught spamming due to insecure scripts or it’s getting hammered by an exploit, it is best to suspend the domain. Yes, but then when the client wants to work on it, they can’t.