No, you do not need to add a deny condition/rule it is implied. Yes, you would need dots after each octect of the IP address. 3 octets: 100.99.88. 2 octets: 100.99.
# Allow,Deny # First, all Allow directives are evaluated. At least one must match, or the request is rejected. # Next, all Deny directives are evaluated. If any matches, the request is rejected. # Last, any requests which do not match an Allow or a Deny directive are denied by default. # # Deny,Allow # First, all Deny directives are evaluated. If any match, the request is denied unless # it also matches an Allow directive. Any requests which do not match any Allow or Deny directives are permitted. # # *Match* -------------------- *Allow,Deny result* -------------------- *Deny,Allow result* # Match Allow only ----------- Request allowed ------------------------ Request allowed # Match Deny only ------------ Request denied ------------------------- Request denied # No match ------------------- Default to second directive: Denied ---- Default to second directive: Allowed # Match both Allow & Deny ---- Final match controls: Denied ----------- Final match controls: Allowed