UnixServerAdmin

Server Administration & Management

How to block a country using mod_geoip

mod_geoip is a module that can be compiled into Apache on build.  However if you are on a VPS or a Dedicated Server you can compile this module into Apache. Then just do the following

Edit your .htaccess file

===================================
GeoIP ON
SetEnvIF GEOIP_COUNTRY_CODE CN BlockThese
SetEnvIF GEOIP_COUNTRY_CODE TR BlockThese
# Add more countries here
Deny from env=BlockThese
===================================

A full list of 2 digit country codes can be found here:

http://www.countryipblocks.net/country-blocks/ “OR”

http://www.ipdeny.com/ipblocks/ “OR”

http://www.iana.org/domains/root/db/

The above listed in the example are “CN = China” and “TR = Turkey”

You could also just reverse the .htaccess to make it ALLOW and enter US or UK as the country code.

If you don’t have mod_geoip installed, you could use the output generated through http://www.countryipblocks.net/country-blocks/select-formats/

Keep in mind that the larger the .htaccess file, the slower your site loadings will be as it has to process the .htaccess file on each loading.  IP numbers can also change and/or be added to certain country ranges.  You will need to remember to update this list accordingly.

Advertisements

April 29, 2011 Posted by | Apache, Firewall, Security, Tips & Tricks | , , , , | 2 Comments