SitePoint Sponsor

User Tag List

Results 1 to 11 of 11
  1. #1
    SitePoint Addict
    Join Date
    Nov 2009
    Posts
    310
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    How to prevent access from certain countries?

    Hi,

    I am getting a lot of spam visitors (most probably faked) to my websites from a certain country (Ukraine) and I want to block this country because they are wasting my bandwidth for nothing. Is this an easy task with htaccess or something like that? Awstats can list visitors based on their country, that makes me think that it is possible to identify a visitor's country and then blocking it should be easy.

    I wish we didn't have such webmasters in the world but unfortunately we have and I fear that we will always have.

  2. #2
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,653
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    nayen,

    ip2country.com has an api which you can use which determines the country a visitor is from. Whether you use it to allow or deny a visitor access to your website is your business (and your coding).

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  3. #3
    SitePoint Addict
    Join Date
    Nov 2009
    Posts
    310
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dklynn View Post
    nayen,

    ip2country.com has an api which you can use which determines the country a visitor is from. Whether you use it to allow or deny a visitor access to your website is your business (and your coding).

    Regards,

    DK
    Hi David, thanks for the suggestion. That website seems to be selling databases for a yearly price. I might consider them if my websites get bigger and bring in more money. But at this time, I am looking for a free solution if possible.

    I know that IP address of visitors can be identified by PHP, can't we do the same for country codes? Or does it always have to be checked from a pre-defined database?

  4. #4
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,653
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    Nayen,

    Sorry, there ARE IP to country websites which offer their services for free ... and even provide the PHP code for you to use. After a search, I've (re)discovered http://phpweby.com/software/ip2country.

    If you've ever looked at the IP blocks by country and how they're presented (the quad blocks are multiplied out to give a numerical entry, e.g., your localhost is 127.0.0.1 which will be accessed as 127*256*256*256+0*256*256+0*256+1 or 2130706433), you know that you want to keep away from that! When the databases need updating frequently, you KNOW that's something to leave to others, too!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  5. #5
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,653
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    Nayen,

    "Eureka!" (Translation: I found it!)

    http://www.ipinfodb.com/ offers an API with coding examples in two steps, a free version and a more accurate detailed version. If all you need is the country identification, the free version will do it for you.

    Sorry it took so long for me to find it - it was hidden in plain sight!

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  6. #6
    SitePoint Addict
    Join Date
    Nov 2009
    Posts
    310
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by dklynn View Post
    Nayen,

    "Eureka!" (Translation: I found it!)

    http://www.ipinfodb.com/ offers an API with coding examples in two steps, a free version and a more accurate detailed version. If all you need is the country identification, the free version will do it for you.

    Sorry it took so long for me to find it - it was hidden in plain sight!

    Regards,

    DK
    David, thank you very much for your continued help and contribution. That will surely help.

    About this country identification based on IP blocks, I think it would have been a lot easier and faster for us if the countries had IP blocks within a certain range and not hundreds of different ranges. I think whoever allocated those IP addresses years ago, didn't do a great job.

  7. #7
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,207
    Mentioned
    456 Post(s)
    Tagged
    8 Thread(s)
    Another one I know of is IP2nation: http://www.ip2nation.com/

  8. #8
    SitePoint Addict
    Join Date
    Nov 2009
    Posts
    310
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    So, let's say I want to allow traffic only from the US. I created a sample htaccess file from ipinfodb.com and it is 43000+ lines. Would that dramatically affect my website loading speed? Will it cause high load on the server? I wish there was a simpler method for identifying visitor's country. Maybe in some near future someone discovers a way to do that without checking thousands of IP blocks.

  9. #9
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,653
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    Ralph,

    ip2nation also requires that you download and maintain a massive database - NOT a desirable option!

    nayen,

    OMG! Yes, yes and there is! Simply use a PHP script as an autoprepend to obtain the two letter country code (from the API provided) and allow/reject based on that! The script which ipinfodb offers connects to their server to use their database (which they maintain)

    Of course, visitors using a proxy server can get around that but you should be able to use the Apache variable shown here:

    Quote Originally Posted by http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html
    %{HTTP:header}, where header can be any HTTP MIME-header name, can always be used to obtain the value of a header sent in the HTTP request. Example: %{HTTP:Proxy-Connection} is the value of the HTTP header ``Proxy-Connection:''.

    If a HTTP header is used in a condition this header is added to the Vary header of the response in case the condition evaluates to to true for the request. It is not added if the condition evaluates to false for the request. Adding the HTTP header to the Vary header of the response is needed for proper caching.
    That could (untested) be used like:

    Code:
    ...
    # Since the HTTP_PROXY_CONNECTION is either null (false) or contains the HTTP_PROXY_CONNECTION value (true)
    RewriteCond %{HTTP_PROXY_CONNECTION} false 
    RewriteRule .? - [F]
    Of course, a truly anonymous proxy server should be able to hide this information.

    Alternatively, I don't know whether anonymous proxy servers can use the HTTPS protocol (I would be surprised if they could not) but that may be another option.

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  10. #10
    Certified Ethical Hacker silver trophybronze trophy dklynn's Avatar
    Join Date
    Feb 2002
    Location
    Auckland
    Posts
    14,653
    Mentioned
    19 Post(s)
    Tagged
    3 Thread(s)
    nayen,

    I've been expanding my online tutorial into a complete book. Here is the code I have to:

    Quote Originally Posted by DK's draft mod-rewrite for Webmasters book
    Ban All Proxy Requests

    To ban a proxy request, all you have to do is use the {HTTP_PROXY_CONNECTION} or {HTTP_FORWARDED} variables, test whether they're null and, if not, send the Fail code:

    Code:
    RewriteCond %{HTTP_FORWARDED} !^$
    RewriteCond %{HTTP_PROXY_CONNECTION} !^$
    RewriteRule .? [F]
    Of course, just like the Host Deny of the previous section, the proxy server must announce itself - and no self-respecting anonymous proxy server would ever do that!
    Okay, that's nearly identical to what I'd just provided so you should be able to use either (I think I prefer the false over 'not empty' but I'll allow you to test on your server).

    Regards,

    DK
    David K. Lynn - Data Koncepts is a long-time WebHostingBuzz (US/UK)
    Client and (unpaid) WHB Ambassador
    mod_rewrite Tutorial Article (setup, config, test & write
    mod_rewrite regex w/sample code) and Code Generator

  11. #11
    It's all Geek to me silver trophybronze trophy
    ralph.m's Avatar
    Join Date
    Mar 2009
    Location
    Melbourne, AU
    Posts
    24,207
    Mentioned
    456 Post(s)
    Tagged
    8 Thread(s)
    Off Topic:

    Quote Originally Posted by dklynn View Post
    ip2nation also requires that you download and maintain a massive database - NOT a desirable option!
    OK, I see. The CMS I use included ip2nation and updates it somehow by itself, so I've been spoiled.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •