If you're running Apache, you may also want to consider the Deny directive as supplementary to the hosts.deny/hosts.allow option. It can be placed within any .htaccess file, or within a <Directory> directive in the main configuration. For the sake of keeping it manageable, you'll probably want to go with your Deny directive.