Maybe I'm just not understanding things here so bear with me :D How come there isn't some simple way to block countries by using their two digit country code? I mean all ips resolve to a specific country right? So how come there isn't a script (or better yet something to put into htaccess) that checks the ip and then blocks it if the country id code is tagged for blocking?

<a href="http://incredibill.me/htaccess-block-country-ips" target="_blank">You can block them from the htaccess file</a>

If you're on a dedicated server you can also look into mod_geoip.

That will let you deny access using the country code.

You can block them from the htaccess file (http://incredibill.me/htaccess-block-country-ips)

I looked into doing it by ip (all that site does is generate a list of ips) ... but damn that's 100's of ips and slowed the site down a little.

--------------- Added 1372892164 at 1372892164 ---------------

If you're on a dedicated server you can also look into mod_geoip.

That will let you deny access using the country code.

I looked into geoip but I'm on a VPS and the host told me to use CSF or something ... but the one they installed doesn't have the "block by country" setting :(

csf does have cc_deny & has for a long time, just use the country codes, comma delimited values.

Maybe I'm just not understanding things here so bear with me :D How come there isn't some simple way to block countries by using their two digit country code? I mean all ips resolve to a specific country right? So how come there isn't a script (or better yet something to put into htaccess) that checks the ip and then blocks it if the country id code is tagged for blocking?

Have you looked at the IP deny manager in the Cpanel, you can deny IP ranges or parts of or all of by using ***

csf does have cc_deny & has for a long time, just use the country codes, comma delimited values.

I only see options to block by ip, is there a module in csf specifically for cc_deny that needs to be enabled?

@John, Did you check in csf.conf? Should be around line 447

@spangle, its better to use iptables or apf, as these checks for IP banning are done at the server level, not by a deny via apaches htaccess, especially when you list huge lists of IPs, its going to kill apache.

In most large companies we use hardware firewalls to handle this. I know this is not useful information for most, but maybe an explanation on why there is not more sophisticated tools for the small guy. if on a shared server the best you can probably do is some sort of cpanel option, if they have it. if not then set some kind of IP filtering on vbulletin directories like ht-access. Of course it can be done in vbulletin, but this really isn't desired -- you don't really want them to get that far in. If the program is inefficient it can add significant server load and maybe even killing the server as @snake said.

I serve my daughters board over FIOS connection (which gets hammered) and I use a separate firewall for her server. You just need to purchase a descent enough firewall to handle this kind of option. Now I just monitor the IP's that get through to the server using any of the many server tools for doing this. I tried not to reinvent the wheel here.

If your a dedicated server, then there are some good solutions. I agree with @Snake.

snakes I don't see that file (probably don't have access to it :D ) so I'll ask the host and see what they say :)

Ty for the info tbworld, if I ever have a dedicated server I'll keep in mind the hardware firewall :)

--------------- Added 1373045497 at 1373045497 ---------------

I have another related question, if I block a country via csf (assuming the host allows this) can I have an exception for specific ips?

<a href="https://vborg.vbsupport.ru/showthread.php?t=256963" target="_blank">https://vborg.vbsupport.ru/showthread.php?t=256963</a>

I have another related question, if I block a country via CSF (assuming the host allows this) can I have an exception for specific ips?Looking at the documentation for CSF it looks like you can, since it does allow white-listing along with blocking countries by codes.

Ba'al thanks for the suggestion, I looked into that mod but using a php script uses too many resources.

tbworld, that was my impression from reading the docs too. I was hoping that someone could verify that it does indeed work that way ;)

I was hoping that someone could verify that it does indeed work that way ;)

If you do not get a reply and you decide that you can use CSF, I can load it up on a test server for you and give it a whirl, but probably an email to your host company will provide you the same information. Anyway, you know where to find me if you need a hand.

It looks like I over looked the proper area in my WHM to find the cc_deny in csf :D My host directed me where to go and all is well now :)

Good to hear @john.