Here is a simple .htaccess file for use with Apache, which handles many the basics:
First , it prevents reading of any filenames which begin with ".ht"; such as ".htaccess" & ".htpasswrd".
Second, it removes PUT & DELETE abilities, but allows GET & POST.
Third the GET/POST block specific IP addresses or IP subnets.
You can use something like this as a base, and build upon it for other things.
Order Deny,Allow
<Files ~ "^\.ht">
Order allow,deny
Deny from all
Satisfy all
</Files>
<Limit PUT DELETE>
Deny from all
</Limit>
<Limit GET POST>
Deny from 116.193.8.0/21
Deny from 69.69.69.69
</Limit>