  1. #1
    SitePoint Wizard DoubleDee's Avatar
    Join Date
    Aug 2010
    Location
    Arizona
    Posts
    3,530
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)

    Blocking China and India...

    My website has been getting a fair amount of visitors from China.

    That spells trouble to me.

    How do I block visitors from China and India?

    Thanks,


    Debbie

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,604
    Mentioned
    19 Post(s)
    Tagged
    2 Thread(s)
    DD,

    The ip2country websites have lists of IP addresses from all countries. Download their database (or use a look-up tool to log-in) and get those IP address blocks and DENY each block. Unfortunately, you'll find that there is a huge list of blocks (for each) and really should block in the server's conf (or your vhosts.conf) file.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Member
    Join Date
    Feb 2012
    Posts
    10
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    You can use a geo-targeting script.

    Using the script, you can choose to redirect China and India visitors to some other sites like Google.

  4. #4
    SitePoint Wizard DoubleDee's Avatar
    Quote Originally Posted by dklynn View Post
    DD,

    The ip2country websites have lists of IP addresses from all countries. Download their database (or use a look-up tool to log-in) and get those IP address blocks and DENY each block.
    Do I have to pay to do that?


    Unfortunately, you'll find that there is a huge list of blocks (for each)
    How reliably can I say, "Block everyone coming from China"??


    and really should block in the server's conf (or your vhosts.conf) file.

    Regards,

    DK
    I have a VPS, so how would I do that?


    Debbie

  5. #5
    SitePoint Wizard DoubleDee's Avatar
    Quote Originally Posted by joeyreyes View Post
    You can use a geo-targeting script.

    Using the script, you can choose to redirect China and India visitors to some other sites like Google.
    Can you elaborate some more?

    I'm not following you.


    Debbie

  6. #6
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    DD,

    Quote Originally Posted by DoubleDee View Post
    Do I have to pay to do that?
    Generally, no. To use their FULL and frequently updated database, that would be a yes.
    How reliably can I say, "Block everyone coming from China"??
    Not. They can easily use a proxy in the US to circumvent showing their own IP. This can quickly become a game and there are a lot of experts over there so you can bet on losing the game. It's just not worth the effort, IMHO.
    I have a VPS, so how would I do that?
    Editing your Apache2.conf file to include
    Code:
    <Directory />
        Options FollowSymLinks
        AllowOverride All
        Order deny,allow
        Deny from {list of IP address blocks}
    </Directory>
    Debbie

  7. #7
    SitePoint Wizard DoubleDee's Avatar
    Quote Originally Posted by dklynn View Post
    Quote Originally Posted by doubledee
    How reliably can I say, "Block everyone coming from China"??
    Not. They can easily use a proxy in the US to circumvent showing their own IP. This can quickly become a game and there are a lot of experts over there so you can bet on losing the game. It's just not worth the effort, IMHO.
    But don't I have a reasonable concern??

    Why would anyone in Russia, China, Iran, etc want to visit my site - which is for U.S.-only consumption - unless they have nefarious intent?


    Quote Originally Posted by dklynn
    Quote Originally Posted by doubledee
    I have a VPS, so how would I do that?

    Editing your Apache2.conf file to include
    Code:
    <Directory />
        Options FollowSymLinks
        AllowOverride All
        Order deny,allow
        Deny from {list of IP address blocks}
    </Directory>
    What does <directory> do?


    What is FollowSymLinks used for?

    What is AllowOverride used for?

    I don't understand your code above.

    The way I have seen it online, you do...
    Code:
    Order Allow,Deny
    Deny From_____
    Allow From All

    It seems like your code doesn't account for Allowing IP's that are not on the Deny list?!


    Debbie

  8. #8
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    DD,

    Quote Originally Posted by DoubleDee View Post
    But don't I have a reasonable concern??
    Not really - websites are made to be available to the public.
    Why would anyone in Russia, China, Iran, etc want to visit my site - which is for U.S.-only consumption - unless they have nefarious intent?
    You'd be surprised how well foreigners read/speak English. Perhaps they're trying to sharpen their language skills? Okay, not all, certainly, but the gov't trained hackers would quickly get through just about any blocks you could install.
    What does <directory> do?
    Specifies the location you're concerned with, i.e., your root directory (and subdirectories) with the /.
    What is FollowSymLinks used for?
    Enables mod_rewrite.
    What is AllowOverride used for?
    Ditto.
    I don't understand your code above.
    It was pulled from my test server's httpd.conf and is basic to Apache's configuration.
    The way I have seen it online, you do...
    Code:
    Order Allow,Deny
    Deny From_____
    Allow From All
    Yes, but that would normally have a "wrapper" (the <Directory /> ... </Directory> performs that function).
    It seems like your code doesn't account for Allowing IP's that are not on the Deny list?!
    You want me to do your homework for you? The list is LONG and would go in the Deny where you've got the _____'s.
    Debbie
    I did a search for "block Chinese traffic" and received several great links:

    http://www.countryipblocks.net/count...elect-formats/ will provide the list of IP blocks by country in selectable formats.

    http://www.maxmind.com/app/mod_geoip provides an Apache module which you can install for a quick lookup on your server - directions are on the site.

    http://www.parkansky.com/china.htm gives the exact code for China, Russia, etc. by blocking IP address ranges.

    All these are TOO MUCH for an .htaccess file so be sure to only test there briefly before moving to your Apache2.conf file on the production server.

    One clue, though, since you only want US visitors. Reverse the Allow,Deny and list the US IP addresses in the Allow group and it will save you from my being able to view your website (from NZ), too!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator
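
An added example, not from any poster in the thread: one way to prepare a downloaded country list for the server configuration file. It validates every entry, merges adjacent and overlapping blocks so the Deny list gets shorter, and emits the `Order deny,allow` form shown earlier; `build_deny_block`, `SAMPLE` and the documentation address ranges are constructed for illustration.

```python
import ipaddress


def build_deny_block(entries, directory="/"):
    """Turn raw list entries into a <Directory> block of Deny lines.

    Returns (config_text, merged_networks, rejected_entries).
    """
    v4, v6, rejected = [], [], []
    for raw in entries:
        entry = raw.split("#", 1)[0].strip()   # drop comments and padding
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            rejected.append(raw)   # never copy unparsed text into the config
            continue
        (v4 if net.version == 4 else v6).append(net)
    # collapse_addresses() merges adjacent and overlapping blocks; it has to
    # be called separately for each address family.
    merged = list(ipaddress.collapse_addresses(v4))
    merged += list(ipaddress.collapse_addresses(v6))
    lines = ["<Directory %s>" % directory, "    Order deny,allow"]
    lines += ["    Deny from %s" % net for net in merged]
    lines.append("</Directory>")
    return "\n".join(lines) + "\n", merged, rejected


# Constructed sample in the shape of a downloaded country list.
SAMPLE = [
    "# constructed example, documentation ranges only",
    "198.51.100.0/25",
    "198.51.100.128/25",    # adjacent to the line above -> one /24
    "203.0.113.0/24",
    "203.0.113.64/26",      # already inside the /24 above
    "192.0.2.7",            # single address
    "2001:db8::/33",
    "2001:db8:8000::/33",
    "Deny from all",        # not an address: rejected, not written out
]

if __name__ == "__main__":
    text, merged, rejected = build_deny_block(SAMPLE)
    print(text)
    print("rejected:", rejected)
```

The rejected list is worth reviewing before the output is included in the server configuration, since a list that fails to parse usually means the download format changed.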

  9. #9
    SitePoint Wizard DoubleDee's Avatar
    Quote Originally Posted by dklynn View Post
    All these are TOO MUCH for an .htaccess file so be sure to only test there briefly before moving to your Apache2.conf file on the production server.
    Why?

    Why would your code work okay in the Apache2.conf file but not in a .htaccess file?

    Again, I don't understand the difference in the approach.



    One clue, though, since you only want US visitors. Reverse the Allow,Deny and list the US IP addresses in the Allow group and it will save you from my being able to view your website (from NZ), too!

    Regards,

    DK
    For now I am okay with most countries, just not China, India, Russia, and a few others plus a few renegade IP's in NZ...


    Can we go over this again...
    Code:
    <Directory />
        Options FollowSymLinks
        AllowOverride All
        Order deny,allow
        Deny from {list of IP address blocks}
    </Directory>

    1.) Am I supposed to replace "<Directory />" with something specific like "Path to Debbie's Web Root"??


    2.) If I leave out...
    Code:
        Options FollowSymLinks
        AllowOverride All
    ...what would happen?


    3.) This code...
    Code:
        Order deny,allow
    ...says, "Perform Deny directives first and then do Allow directives next", right?


    4.) If there are no *allowable* IP's in #3, then isn't that a problem?

    I thought we want to say "Deny these IP's and then Allow everything else that is remaining"?


    5.) Does just the order of this line matter...
    Code:
        Order deny,allow

    Or does the order of the following lines matter too...
    Code:
    Deny from all
    Allow from example.com
    Thanks,


    Debbie

  10. #10
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    DD,
    Quote Originally Posted by DoubleDee View Post
    Why?
    I've repeated this so many times that I need to add it to my list of rants: The .htaccess file must be read for each and every file request (yes, including .css, .js, .jpg, .gif as well as your .php, .html, .asp, etc.). That slows a server down tremendously. If in the server's configuration file, it will only be read once.
    Why would your code work okay in the Apache2.conf file but not in a .htaccess file?
    As above.
    Again, I don't understand the difference in the approach.

    For now I am okay with most countries, just not China, India, Russia, and a few others plus a few renegade IP's in NZ...
    Well, that makes it harder to implement (more lines of code to list all the IP ranges in .cn, .in, .ru "and a few others"). Listing the "acceptable" countries would also be difficult (long lines of code) but selecting only your target country would limit the list of countries.

    Of course, using the geoIP API would resolve that problem for you ... assuming you looked at the links I supplied for you.

    Can we go over this again...
    Code:
    <Directory />
        Options FollowSymLinks
        AllowOverride All
        Order deny,allow
        Deny from {list of IP address blocks}
    </Directory>
    Did you look at the Deny line(S OF CODE) in the first link?
    1.) Am I supposed to replace "<Directory />" with something specific like "Path to Debbie's Web Root"??
    That depends on where you implement. If in your .htaccess file, / IS the "Path to Debbie's Web Root". If in the server's configuration file, either use Apache's root OR specify only your own web root.
    2.) If I leave out...
    Code:
        Options FollowSymLinks
        AllowOverride All
    ...what would happen?
    Nothing ... on the assumption that it's already in your server configuration file.

    3.) This code...
    Code:
        Order deny,allow
    ...says, "Perform Deny directives first and then do Allow directives next", right?
    Right.

    4.) If there are no *allowable* IP's in #3, then isn't that a problem?

    I thought we want to say "Deny these IP's and then Allow everything else that is remaining"?
    No, "allow everything else" can be specified but I believe it's assumed.

    5.) Does just the order of this line matter...
    Code:
        Order deny,allow

    Or does the order of the following lines matter too...
    Code:
    Deny from all
    Allow from example.com
    Example.com? Okay, that should work, too, but only if you visit from example.com (your IP address should resolve to example.com).
    Thanks,


    Debbie
    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator
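
An added example, not from any poster in the thread: a small Python model of how Apache evaluates `Order`, `Allow` and `Deny`, covering questions 3 to 5 above. The function names and the documentation-range addresses are constructed; hostname arguments such as example.com are not modelled.

```python
import ipaddress


def _matches(client, specs):
    """True if client is covered by any spec ('all' or an IP/CIDR block)."""
    ip = ipaddress.ip_address(client)
    return any(
        spec.lower() == "all" or ip in ipaddress.ip_network(spec, strict=False)
        for spec in specs
    )


def access_allowed(order, allow, deny, client):
    """Decide one request the way Order/Allow/Deny does.

    Only the Order line fixes which group is evaluated last; the position
    of the individual Allow and Deny lines in the file plays no part.
    """
    order = order.replace(" ", "").lower()
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    if order == "deny,allow":
        # Deny first, Allow last: a matching Allow wins, no match -> allowed.
        return allowed or not denied
    if order == "allow,deny":
        # Allow first, Deny last: a matching Deny wins, no match -> denied.
        return allowed and not denied
    raise ValueError("unknown Order value: %r" % order)


# Constructed stand-in for a country list (documentation ranges only).
BLOCKLIST = ["203.0.113.0/24", "198.51.100.0/24"]


def demo():
    """Compare the three configurations discussed in the thread."""
    results = {}
    for client in ("203.0.113.9", "192.0.2.10"):
        results[client] = (
            # Order deny,allow + Deny list, no Allow line (dklynn's snippet)
            access_allowed("deny,allow", [], BLOCKLIST, client),
            # Order Allow,Deny + Deny list + Allow from all
            access_allowed("allow,deny", ["all"], BLOCKLIST, client),
            # Order Allow,Deny + Deny list with the Allow line left out
            access_allowed("allow,deny", [], BLOCKLIST, client),
        )
    return results


if __name__ == "__main__":
    for client, verdicts in demo().items():
        print(client, verdicts)
```

The third column is the case to watch: with `Order Allow,Deny` and no Allow line, even clients outside the blocklist are refused.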

  11. #11
    SitePoint Wizard DoubleDee's Avatar
    Quote Originally Posted by dklynn View Post
    Why?
    I've repeated this so many times that I need to add it to my list of rants: The .htaccess file must be read for each and every file request (yes, including .css, .js, .jpg, .gif as well as your .php, .html, .asp, etc.). That slows a server down tremendously. If in the server's configuration file, it will only be read once.
    Well, I didn't know that. That is why I was asking!

    That makes total sense.

    Sounds like using .htaccess is evil...


    Quote Originally Posted by dklynn
    Quote Originally Posted by doubledee
    Again, I don't understand the difference in the approach.

    For now I am okay with most countries, just not China, India, Russia, and a few others plus a few renegade IP's in NZ...
    Well, that makes it harder to implement (more lines of code to list all the IP ranges in .cn, .in, .ru "and a few others"). Listing the "acceptable" countries would also be difficult (long lines of code) but selecting only your target country would limit the list of countries.

    Of course, using the geoIP API would resolve that problem for you ... assuming you looked at the links I supplied for you.
    I did look at it.

    I have no clue if it is installed on my VPS.


    Quote Originally Posted by doubledee
    Can we go over this again...
    Code:
    <Directory />
        Options FollowSymLinks
        AllowOverride All
        Order deny,allow
        Deny from {list of IP address blocks}
    </Directory>
    Did you look at the Deny line(S OF CODE) in the first link?
    Yes....

    I also asked why you didn't have anything for the Allow directive.

    I also asked if the absence of specific Allow would cause an issue.


    Quote Originally Posted by doubledee
    1.) Am I supposed to replace "<Directory />" with something specific like "Path to Debbie's Web Root"??

    Quote Originally Posted by dklynn
    That depends on where you implement. If in your .htaccess file, / IS the "Path to Debbie's Web Root". If in the server's configuration file, either use Apache's root OR specify only your own web root.
    What file am I looking for again? And where would I find it on my VPS?


    Debbie

  12. #12
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    DD,

    Quote Originally Posted by DoubleDee View Post
    Well, I didn't know that. That is why I was asking!

    That makes total sense.

    Sounds like using .htaccess is evil...

    It is ... when it's abused as many novice webmasters will tend to do. The long lists of individual page redirections, spiders to block and, well, country IP codes to block, tend to make .htaccess far too long. That said, it's the only place some webmasters have available to them (not VPS or dedicated and won't ask their host to install for them) and it makes for a great place to test code before moving it to the server or virtual host configuration file.

    I did look at it.

    I have no clue if it is installed on my VPS.

    It's not likely but, as a VPS owner, you can install it (or have your host help you with the installation). If you're as concerned as you seem to be about foreign visitors, it'll be worth it.


    Yes....

    I also asked why you didn't have anything for the Allow directive.

    I also asked if the absence of specific Allow would cause an issue.

    Asked and answered. Repeat: I don't believe that it would cause a problem if missing. The code I presented was from my test server's httpd.conf and it doesn't cause a problem there.

    What file am I looking for again? And where would I find it on my VPS?

    That would depend upon the host, their setup and the OS being used. If you're not familiar with your VPS, I'd recommend that you ask your host to guide you through the edit and restart - safety first!

    Debbie
    Regards,

    DK

  13. #13
    SitePoint Wizard DoubleDee's Avatar
    Thanks for the help David!!


    Debbie

