Home General Topics How to Block/Allow traffic to a website from certain countries
General TopicsLinux BasicsServer Security

How to Block/Allow traffic to a website from certain countries

by Bella
written by Bella

If you inspect your server’s error logs, you may see that many visitors (for the most part robots) constantly request access to things they should not be allowed to see. If you see that such access are suspicious and they are trying to spam your forum or hijack your mail program, you may need to deny access from those IP’s.

Collecting such offending IP addresses by manually inspecting your logs across your site can become a full-time job.

In such cases, you may block access to the site on Country basis (from which the suspicious access was observed) , given that the site have very few legitimate visitors from these regions.

It can be done by using the mod_geoip apache module.

What is Mod_geoip
==============

Mod_geoip is a module for fast ip/location lookups. It uses MaxMind GeoIP / GeoCity databases. If the IP was found in the database the module sets the appropriate environments variables to the request, thus making other modules/fcgi be informed. In short, Mod_GeoIP module is used to get the geographic location of IP address of the visitor into the Apache web server. This module allows you to determine the visitor’s country, organization and location.

Installing and configuring mod_geoip apache module.
======================================

By following the below few simple steps, we can install and configure mod_geoip apache module in the server and restrict access to the websites on a country basis.

#yum install GeoIP GeoIP-devel GeoIP-data zlib-devel mod_geoip

#cd /var/lib

#wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz

#gunzip GeoIP.dat.gz

Open /etc/httpd/conf.d/geoip.conf and paste below code:

==========
LoadModule geoip_module modules/mod_geoip.so
<IfModule mod_geoip.c>
GeoIPEnable On
GeoIPDBFile /var/lib/GeoIP.dat
</IfModule>
==========

#/etc/init.d/apache restart

Now the Mod_geoip module is installed and enabled in the server.

Now lets see how to block the access on country basis to the websites hosted in our server.

For blocking two countries say CN and PK, open .htaccess file of the website and paste the codes:

————————–
SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE PK BlockCountry
Deny from env=BlockCountry
————————–

7.For allowing a country, say India, paste the below code in htaccess :
—————————
SetEnvIf GEOIP_COUNTRY_CODE IN is_allowed
Deny from all
Allow from env=is_allowed
—————————

Thats all 🙂

If you require help, contact SupportPRO Server Admin

Server not running properly? Get A FREE Server Checkup By Expert Server Admins - $125 Value

Strengthening Server Hosting Compliance: ISO, GDPR, and Beyond

GCP Security : Expert-Approved Tactics to Protect Your...

Best Software Tools to Prevent Attacks on Servers...

How to Enable and Configure Network Bonding in...

Understanding SSH Port Forwarding: Your Complete Guide Explained

Common Server Issues and How to Troubleshoot Them

AWS Security – Dealing with Exposed AWS Access...

AWS Amplify in React Application deployment

Data recovery using Scalpel and Foremost

TightVNC Viewer for Windows

Leave a Comment

CONTACT US

Sales and Support

Phone: 1-(847) 607-6123
Fax: 1-(847)-620-0626
Sales: sales@supportpro.com
Support: clients@supportpro.com
Skype ID: sales_supportpro

Postal Address

1020 Milwaukee Ave, #245,
Deerfield, IL-60015
USA

©2022  SupportPRO.com. All Rights Reserved

X-twitter Facebook Linkedin Rss