Solved

How can I block Nigeria IP's?  Either ASP.NET, IIS7, or Win Server 2008

Posted on 2010-11-25
5
1,248 Views
Last Modified: 2012-05-10
I dont care where it is done:  either on Win Server 2008, IIS7, or ASP.NET...
I want to block Nigeria IP addresses from using my website.

I apologize to the good people of nigeria, but 99% of all traffic I get from that country is malicious and the manhours spent is not worth it.  if the good people of nigeria would clean up their internet usages by cracking down on the web crime there, then maybe more web masters would not take drastic action like this, but i just have little choice.  im too busy and need a quick fix for the rampant scams i keep dealing with over IP addresses originating in nigeria.
0
Comment
Question by:arthurh88
  • 2
  • 2
5 Comments
 
LVL 3

Accepted Solution

by:
RushB earned 500 total points
ID: 34215127
You can purchase something like GeoIP or ISA Embargo, or I believe you can use .htaccess on Windows Server.

Sample for Nigeria:

# Country: NIGERIA
# ISO Code: NG
# Total Networks: 97
# Total Subnets:  669,184
deny from 41.58.0.0/16
deny from 41.67.128.0/18
deny from 41.71.128.0/17
deny from 41.73.0.0/19
deny from 41.73.128.0/19
deny from 41.73.224.0/19
deny from 41.75.16.0/20
deny from 41.75.192.0/20
deny from 41.76.64.0/21
deny from 41.76.72.0/21
deny from 41.76.80.0/21
deny from 41.76.152.0/21
deny from 41.76.192.0/21
deny from 41.78.8.0/22
deny from 41.78.12.0/22
deny from 41.78.80.0/22
deny from 41.78.88.0/22
deny from 41.78.100.0/22
deny from 41.78.156.0/22
deny from 41.78.172.0/22
deny from 41.84.160.0/19
deny from 41.86.128.0/19
deny from 41.87.64.0/19
deny from 41.138.160.0/19
deny from 41.139.64.0/18
deny from 41.155.0.0/17
deny from 41.184.0.0/16
deny from 41.189.0.0/19
deny from 41.190.0.0/19
deny from 41.190.240.0/22
deny from 41.191.108.0/22
deny from 41.203.64.0/19
deny from 41.203.96.0/19
deny from 41.204.224.0/19
deny from 41.205.160.0/19
deny from 41.206.0.0/19
deny from 41.206.224.0/19
deny from 41.211.192.0/18
deny from 41.215.244.0/22
deny from 41.216.160.0/20
deny from 41.216.232.0/22
deny from 41.217.0.0/17
deny from 41.217.204.0/22
deny from 41.219.128.0/18
deny from 41.219.192.0/18
deny from 41.220.64.0/20
deny from 41.221.112.0/20
deny from 41.221.160.0/20
deny from 41.222.40.0/21
deny from 41.222.64.0/21
deny from 41.222.144.0/21
deny from 41.222.208.0/22
deny from 41.223.64.0/22
deny from 41.223.128.0/22
deny from 41.223.136.0/22
deny from 41.223.144.0/22
deny from 41.223.168.0/22
deny from 62.173.32.0/19
deny from 62.193.160.0/19
deny from 80.248.0.0/20
deny from 80.250.32.0/20
deny from 82.128.0.0/17
deny from 193.189.0.0/18
deny from 193.189.64.0/23
deny from 193.189.128.0/24
deny from 195.166.224.0/19
deny from 196.1.133.0/24
deny from 196.1.176.0/20
deny from 196.3.60.0/22
deny from 196.3.180.0/22
deny from 196.10.202.0/24
deny from 196.22.6.0/24
deny from 196.28.10.0/24
deny from 196.29.208.0/20
deny from 196.32.224.0/23
deny from 196.40.192.0/18
deny from 196.45.48.0/20
deny from 196.46.20.0/24
deny from 196.46.27.0/24
deny from 196.46.144.0/22
deny from 196.46.240.0/21
deny from 196.200.64.0/20
deny from 196.200.112.0/20
deny from 196.207.0.0/20
deny from 196.216.144.0/22
deny from 196.216.148.0/22
deny from 196.216.184.0/22
deny from 196.216.251.0/24
deny from 196.216.253.0/24
deny from 196.216.255.0/24
deny from 196.220.0.0/19
deny from 196.220.64.0/19
deny from 196.220.224.0/20
deny from 196.220.240.0/20
deny from 212.100.64.0/19
deny from 217.14.80.0/20
deny from 217.117.0.0/20
#



0
 
LVL 12

Expert Comment

by:geowrian
ID: 34215139
For IIS7, this geoblock module works well for a quick fix:
http://sourceforge.net/projects/iis7geoblockmod/

Preferably you want to have the block at the network level, which would require a bit more complexity. It would also involve maintaining (or purchasing subscription rights to) a database with IP ranges and their respective geographical regions. Some DNS services provide this capability, but require an rDNS lookup on each IP which may not be feasible in your environment.

Obviously, a determined user can get around this via proxies and such, but this stops the majority of users.
0
 
LVL 12

Expert Comment

by:geowrian
ID: 34215141
@RushB
That list would probably be good for right now as an immediate fix, but will get out of date quickly. The harm here is users being incorrectly identified and blocked, which is generally very damaging to the company's image.
0
 
LVL 3

Expert Comment

by:RushB
ID: 34215157
I included two options- free and paid. GeoIP and Embargo will do the trick if you don't mind paying for the service.

Thanks,
RushB
0
 
LVL 42

Expert Comment

by:kevinhsieh
ID: 34215337
My company blocks all traffic to and from all IP blocks assigned to Internet registries that are outside of the United States. It is a pretty aggressive stance, but it prevents all sorts of problems. We block inbound web traffic, and outbound traffic as well, and then make exceptions when needed.
Let me know if you want my router access list and I can post it later.
0

Featured Post

Best Practices: Disaster Recovery Testing

Besides backup, any IT division should have a disaster recovery plan. You will find a few tips below relating to the development of such a plan and to what issues one should pay special attention in the course of backup planning.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

I had a question today where the user wanted to know how to delete an SSL Certificate, so I thought that I would quickly add this How to! Article for your reference. WHY WOULD YOU WANT TO DELETE A CERTIFICATE? 1. If an incorrect certificate was …
Prologue It is often required to host multiple websites on a single instance of IIS, mostly in development environments instead of on production servers. I am sure it is not much a preferred solution on production servers but this is at least a pos…
This tutorial will walk an individual through the steps necessary to configure their installation of BackupExec 2012 to use network shared disk space. Verify that the path to the shared storage is valid and that data can be written to that location:…
This tutorial will walk an individual through the steps necessary to join and promote the first Windows Server 2012 domain controller into an Active Directory environment running on Windows Server 2008. Determine the location of the FSMO roles by lo…

896 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

17 Experts available now in Live!

Get 1:1 Help Now