order deny,allow not working in htaccess

You should look at the AllowOverride clauses in your conf files. They basically give authorization to .htaccess to override the values in the .conf files.

This happens to me often, and it's always because I'm not using the IP address that I think I'm using. It sounds silly, but it's surprisingly easy to do, as most computers on the Internet can be represented by at least two IP addresses: one private for LAN, and one exposed to the Internet, typically through a router with NAT enabled.

For example, I was setting up a country IP block whitelist. I figure that since I am in the same LAN as my server, I won't start off on the whitelist, which will make for a good testing opportunity. However, no matter what I do, I can't seem to deny myself with a proper whitelist. I had forgotten that I was accessing my server via its external IP: I was going to home.example.com, which I had mapped to my router's Internet IP address. My router understood that I intended to loop back into the network, so it was seamless--until my IP address mattered.

There were hackish ways that I could get around the problem without going to the LAN IP, of course. It might seem like Apache were buggy, since I could take out a single Allow from statement, and it would work.

The point is: if it doesn't work, check your IP address in the eyes of Apache.

I resolved this my moving the bad bot block into the vhost file of each domain and now use the vhost file to limit access. A bit of a pain not being to be able to do it globally for the bots so if anyone else has a better answer would be welcome :)

The actual problem is in which order you define Deny/Allow or Allow/Deny? The file below worked for me as expected.

Your .htaccess file should look like:

Order Deny,Allow
Allow from 12.99.60.128
Allow from 79.18.77.63
Allow from 181.67.136.49
Deny from All

Don't forget: Thumbs up if it works for you too.