Register Members List Search Today's Posts Mark Forums Read

Reply
 
Thread Tools
  #1  
Old 03 Jul 2013, 22:34
John Lester's Avatar
John Lester John Lester is offline
 
Join Date: Nov 2004
Question Blocking specific countries from your site

Maybe I'm just not understanding things here so bear with me How come there isn't some simple way to block countries by using their two digit country code? I mean all ips resolve to a specific country right? So how come there isn't a script (or better yet something to put into htaccess) that checks the ip and then blocks it if the country id code is tagged for blocking?
Reply With Quote
  #2  
Old 03 Jul 2013, 22:41
ForceHSS's Avatar
ForceHSS ForceHSS is offline
 
Join Date: Apr 2008
You can block them from the htaccess file
Reply With Quote
  #3  
Old 03 Jul 2013, 22:44
nhawk nhawk is offline
 
Join Date: Jan 2011
If you're on a dedicated server you can also look into mod_geoip.

That will let you deny access using the country code.
Reply With Quote
  #4  
Old 03 Jul 2013, 22:54
John Lester's Avatar
John Lester John Lester is offline
 
Join Date: Nov 2004
Originally Posted by ForceHSS View Post
I looked into doing it by ip (all that site does is generate a list of ips) ... but damn that's 100's of ips and slowed the site down a little.

--------------- Added 03 Jul 2013 at 22:56 ---------------

Originally Posted by nhawk View Post
If you're on a dedicated server you can also look into mod_geoip.

That will let you deny access using the country code.
I looked into geoip but I'm on a VPS and the host told me to use CSF or something ... but the one they installed doesn't have the "block by country" setting
Reply With Quote
  #5  
Old 03 Jul 2013, 23:38
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Real name: Anthony
csf does have cc_deny & has for a long time, just use the country codes, comma delimited values.
Reply With Quote
  #6  
Old 04 Jul 2013, 14:42
Spangle Spangle is offline
 
Join Date: Jun 2011
Originally Posted by John Lester View Post
Maybe I'm just not understanding things here so bear with me How come there isn't some simple way to block countries by using their two digit country code? I mean all ips resolve to a specific country right? So how come there isn't a script (or better yet something to put into htaccess) that checks the ip and then blocks it if the country id code is tagged for blocking?
Have you looked at the IP deny manager in the Cpanel, you can deny IP ranges or parts of or all of by using ***
Reply With Quote
  #7  
Old 04 Jul 2013, 17:14
John Lester's Avatar
John Lester John Lester is offline
 
Join Date: Nov 2004
Originally Posted by snakes1100 View Post
csf does have cc_deny & has for a long time, just use the country codes, comma delimited values.
I only see options to block by ip, is there a module in csf specifically for cc_deny that needs to be enabled?
Reply With Quote
  #8  
Old 04 Jul 2013, 18:26
snakes1100 snakes1100 is offline
 
Join Date: Dec 2001
Real name: Anthony
@John, Did you check in csf.conf? Should be around line 447

@spangle, its better to use iptables or apf, as these checks for IP banning are done at the server level, not by a deny via apaches htaccess, especially when you list huge lists of IPs, its going to kill apache.
Reply With Quote
  #9  
Old 04 Jul 2013, 22:25
tbworld tbworld is offline
 
Join Date: Oct 2008
In most large companies we use hardware firewalls to handle this. I know this is not useful information for most, but maybe an explanation on why there is not more sophisticated tools for the small guy. if on a shared server the best you can probably do is some sort of cpanel option, if they have it. if not then set some kind of IP filtering on vbulletin directories like ht-access. Of course it can be done in vbulletin, but this really isn't desired -- you don't really want them to get that far in. If the program is inefficient it can add significant server load and maybe even killing the server as @snake said.

I serve my daughters board over FIOS connection (which gets hammered) and I use a separate firewall for her server. You just need to purchase a descent enough firewall to handle this kind of option. Now I just monitor the IP's that get through to the server using any of the many server tools for doing this. I tried not to reinvent the wheel here.

If your a dedicated server, then there are some good solutions. I agree with @Snake.
Reply With Quote
  #10  
Old 05 Jul 2013, 00:35
John Lester's Avatar
John Lester John Lester is offline
 
Join Date: Nov 2004
snakes I don't see that file (probably don't have access to it ) so I'll ask the host and see what they say

Ty for the info tbworld, if I ever have a dedicated server I'll keep in mind the hardware firewall

--------------- Added 05 Jul 2013 at 17:31 ---------------

I have another related question, if I block a country via csf (assuming the host allows this) can I have an exception for specific ips?
Reply With Quote
  #11  
Old 06 Jul 2013, 23:54
Ba'al's Avatar
Ba'al Ba'al is offline
 
Join Date: Oct 2010
http://www.vbulletin.org/forum/showthread.php?t=256963
__________________
Reply With Quote
  #12  
Old 07 Jul 2013, 00:42
tbworld tbworld is offline
 
Join Date: Oct 2008
I have another related question, if I block a country via CSF (assuming the host allows this) can I have an exception for specific ips?
Looking at the documentation for CSF it looks like you can, since it does allow white-listing along with blocking countries by codes.

Last edited by tbworld; 07 Jul 2013 at 00:48.
Reply With Quote
  #13  
Old 07 Jul 2013, 02:03
John Lester's Avatar
John Lester John Lester is offline
 
Join Date: Nov 2004
Ba'al thanks for the suggestion, I looked into that mod but using a php script uses too many resources.

tbworld, that was my impression from reading the docs too. I was hoping that someone could verify that it does indeed work that way
Reply With Quote
  #14  
Old 07 Jul 2013, 02:45
tbworld tbworld is offline
 
Join Date: Oct 2008
Originally Posted by John Lester View Post
I was hoping that someone could verify that it does indeed work that way
If you do not get a reply and you decide that you can use CSF, I can load it up on a test server for you and give it a whirl, but probably an email to your host company will provide you the same information. Anyway, you know where to find me if you need a hand.
Reply With Quote
  #15  
Old 09 Jul 2013, 02:41
John Lester's Avatar
John Lester John Lester is offline
 
Join Date: Nov 2004
It looks like I over looked the proper area in my WHM to find the cc_deny in csf My host directed me where to go and all is well now
Reply With Quote
Reply



Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off


New To Site? Need Help?

All times are GMT. The time now is 04:46.

Layout Options | Width: Wide Color: