Blocking specific countries from your site
 

Maybe I'm just not understanding things here so bear with me :D How come there isn't some simple way to block countries by using their two digit country code? I mean all ips resolve to a specific country right? So how come there isn't a script (or better yet something to put into htaccess) that checks the ip and then blocks it if the country id code is tagged for blocking?

<a href="http://incredibill.me/htaccess-block-country-ips" target="_blank">You can block them from the htaccess file</a>

If you're on a dedicated server you can also look into mod_geoip.

That will let you deny access using the country code.

I looked into doing it by ip (all that site does is generate a list of ips) ... but damn that's 100's of ips and slowed the site down a little.

--------------- Added [DATE]1372892164[/DATE] at [TIME]1372892164[/TIME] ---------------

I looked into geoip but I'm on a VPS and the host told me to use CSF or something ... but the one they installed doesn't have the "block by country" setting :(

csf does have cc_deny & has for a long time, just use the country codes, comma delimited values.

Have you looked at the IP deny manager in the Cpanel, you can deny IP ranges or parts of or all of by using ***

I only see options to block by ip, is there a module in csf specifically for cc_deny that needs to be enabled?

@John, Did you check in csf.conf? Should be around line 447

@spangle, its better to use iptables or apf, as these checks for IP banning are done at the server level, not by a deny via apaches htaccess, especially when you list huge lists of IPs, its going to kill apache.

In most large companies we use hardware firewalls to handle this. I know this is not useful information for most, but maybe an explanation on why there is not more sophisticated tools for the small guy. if on a shared server the best you can probably do is some sort of cpanel option, if they have it. if not then set some kind of IP filtering on vbulletin directories like ht-access. Of course it can be done in vbulletin, but this really isn't desired -- you don't really want them to get that far in. If the program is inefficient it can add significant server load and maybe even killing the server as @snake said.

I serve my daughters board over FIOS connection (which gets hammered) and I use a separate firewall for her server. You just need to purchase a descent enough firewall to handle this kind of option. Now I just monitor the IP's that get through to the server using any of the many server tools for doing this. I tried not to reinvent the wheel here.

If your a dedicated server, then there are some good solutions. I agree with @Snake.

snakes I don't see that file (probably don't have access to it :D ) so I'll ask the host and see what they say :)

Ty for the info tbworld, if I ever have a dedicated server I'll keep in mind the hardware firewall :)

--------------- Added [DATE]1373045497[/DATE] at [TIME]1373045497[/TIME] ---------------

I have another related question, if I block a country via csf (assuming the host allows this) can I have an exception for specific ips?