Blocking all countries accept the USA

I have a php site and am getting some spam via my registration page although it has a CAPTCHA image.

Some suggested blocking certain countries who they believed were the most notorious spammers.

They directed me to this page:

where the author suggests code like this:

SetEnvIf CF-IPCountry CN BuzzOff=1
SetEnvIf CF-IPCountry RU BuzzOff=1
SetEnvIf CF-IPCountry IN BuzzOff=1
Order allow,deny
Allow from all
Deny from env=BuzzOff

A commentor on that page said this;

"wondering how I might be able to do basically the opposite, which would be to set htaccess to only allow visitors from specific countries…would like to restrict it to only US visitors without listing every other country on the planet. My gut says this should work:

SetEnvIf CF-IPCountry US IsUSA=1
Order deny,allow
Deny from all
Allow from env=IsUSA"

Has anyone had success with these types of approaches?
Do you think this code can block all but the USA. I’d be interested in targeting only usa visitors to my site.

Can you provide some insight or your opinion on this subject?
Do you have a better solution?


It’s probably more effective to target countries by IP, but it can be a big job keeping up with all the IPs around the world, so there are services out there that do that for you, such as:


Oops, I see the link above is a variation of the same thing. O well, another link might help, anyhow. :slight_smile:

The solution you found won’t work unless you are using CloudFlare and the author of that post has long since gone away.

To deal with web spammers, use a HTTP DNSRBL. While most DNSRBL’s are for e-mail, there are a few for websites now. I’ve got a working list on the following page with a good set of filter definitions:

After doing DNSRBL, if you still want to block all countries except the good ol’ US of A, use the MaxMind GeoIP Lite city or country database and their PHP code for accessing the database you want to use. Just feed the IP address in and get a record containing a country back.