[SOLUTION] How can I block Nigeria IP's? Either ASP.NET, IIS7, or Win Server 2008

Course Of The Month

8 days, 13 hours left to enroll

View June's Free Course

Become a Premium Member and unlock a new, free course in leading technologies each month.

I dont care where it is done: either on Win Server 2008, IIS7, or ASP.NET...
I want to block Nigeria IP addresses from using my website.

I apologize to the good people of nigeria, but 99% of all traffic I get from that country is malicious and the manhours spent is not worth it. if the good people of nigeria would clean up their internet usages by cracking down on the web crime there, then maybe more web masters would not take drastic action like this, but i just have little choice. im too busy and need a quick fix for the rampant scams i keep dealing with over IP addresses originating in nigeria.

You can purchase something like GeoIP or ISA Embargo, or I believe you can use .htaccess on Windows Server.

Sample for Nigeria:

# Country: NIGERIA
# ISO Code: NG
# Total Networks: 97
# Total Subnets: 669,184
deny from 41.58.0.0/16
deny from 41.67.128.0/18
deny from 41.71.128.0/17
deny from 41.73.0.0/19
deny from 41.73.128.0/19
deny from 41.73.224.0/19
deny from 41.75.16.0/20
deny from 41.75.192.0/20
deny from 41.76.64.0/21
deny from 41.76.72.0/21
deny from 41.76.80.0/21
deny from 41.76.152.0/21
deny from 41.76.192.0/21
deny from 41.78.8.0/22
deny from 41.78.12.0/22
deny from 41.78.80.0/22
deny from 41.78.88.0/22
deny from 41.78.100.0/22
deny from 41.78.156.0/22
deny from 41.78.172.0/22
deny from 41.84.160.0/19
deny from 41.86.128.0/19
deny from 41.87.64.0/19
deny from 41.138.160.0/19
deny from 41.139.64.0/18
deny from 41.155.0.0/17
deny from 41.184.0.0/16
deny from 41.189.0.0/19
deny from 41.190.0.0/19
deny from 41.190.240.0/22
deny from 41.191.108.0/22
deny from 41.203.64.0/19
deny from 41.203.96.0/19
deny from 41.204.224.0/19
deny from 41.205.160.0/19
deny from 41.206.0.0/19
deny from 41.206.224.0/19
deny from 41.211.192.0/18
deny from 41.215.244.0/22
deny from 41.216.160.0/20
deny from 41.216.232.0/22
deny from 41.217.0.0/17
deny from 41.217.204.0/22
deny from 41.219.128.0/18
deny from 41.219.192.0/18
deny from 41.220.64.0/20
deny from 41.221.112.0/20
deny from 41.221.160.0/20
deny from 41.222.40.0/21
deny from 41.222.64.0/21
deny from 41.222.144.0/21
deny from 41.222.208.0/22
deny from 41.223.64.0/22
deny from 41.223.128.0/22
deny from 41.223.136.0/22
deny from 41.223.144.0/22
deny from 41.223.168.0/22
deny from 62.173.32.0/19
deny from 62.193.160.0/19
deny from 80.248.0.0/20
deny from 80.250.32.0/20
deny from 82.128.0.0/17
deny from 193.189.0.0/18
deny from 193.189.64.0/23
deny from 193.189.128.0/24
deny from 195.166.224.0/19
deny from 196.1.133.0/24
deny from 196.1.176.0/20
deny from 196.3.60.0/22
deny from 196.3.180.0/22
deny from 196.10.202.0/24
deny from 196.22.6.0/24
deny from 196.28.10.0/24
deny from 196.29.208.0/20
deny from 196.32.224.0/23
deny from 196.40.192.0/18
deny from 196.45.48.0/20
deny from 196.46.20.0/24
deny from 196.46.27.0/24
deny from 196.46.144.0/22
deny from 196.46.240.0/21
deny from 196.200.64.0/20
deny from 196.200.112.0/20
deny from 196.207.0.0/20
deny from 196.216.144.0/22
deny from 196.216.148.0/22
deny from 196.216.184.0/22
deny from 196.216.251.0/24
deny from 196.216.253.0/24
deny from 196.216.255.0/24
deny from 196.220.0.0/19
deny from 196.220.64.0/19
deny from 196.220.224.0/20
deny from 196.220.240.0/20
deny from 212.100.64.0/19
deny from 217.14.80.0/20
deny from 217.117.0.0/20
#

For IIS7, this geoblock module works well for a quick fix:
http://sourceforge.net/projects/iis7geoblockmod/

Preferably you want to have the block at the network level, which would require a bit more complexity. It would also involve maintaining (or purchasing subscription rights to) a database with IP ranges and their respective geographical regions. Some DNS services provide this capability, but require an rDNS lookup on each IP which may not be feasible in your environment.

Obviously, a determined user can get around this via proxies and such, but this stops the majority of users.

@RushB
That list would probably be good for right now as an immediate fix, but will get out of date quickly. The harm here is users being incorrectly identified and blocked, which is generally very damaging to the company's image.

I included two options- free and paid. GeoIP and Embargo will do the trick if you don't mind paying for the service.

Thanks,
RushB

My company blocks all traffic to and from all IP blocks assigned to Internet registries that are outside of the United States. It is a pretty aggressive stance, but it prevents all sorts of problems. We block inbound web traffic, and outbound traffic as well, and then make exceptions when needed.
Let me know if you want my router access list and I can post it later.

Managing Active Directory can get complicated. Often, the native tools for managing AD are just not up to the task. The largest Active Directory installations in the world have relied on one tool to manage their day-to-day administration tasks: Hyena. Start your trial today.

Course Of The Month

How can I block Nigeria IP's? Either ASP.NET, IIS7, or Win Server 2008

Welcome to Experts Exchange

Featured Post

Suggested Courses

734 members asked questions and received personalized solutions in the past 7 days.

Enjoyed your answer?

Keep in touch with Experts Exchange

Live Consultants