Ban IPs by region on our server

Hello

I have a 2 part question:

1. Is it a good idea to ban IP addresses by region on our server to increase our security? We mainly supply locally in our own country and do not need to be visible everywhere. Only a selected amount of countries. I do see numerous port scans coming from some countries that we would like to permanently limit access.

2. Where can we find these IPs and will it hinder the performance of the website and server if we have these bans in place.

Your comments are appreciated.
gregnvtAsked:
Who is Participating?
 
Dave BaldwinConnect With a Mentor Fixer of ProblemsCommented:
While it might be a good idea, China alone has over 200 non-continuous IP address blocks.  http://www.nirsoft.net/countryip/cn.html  Those are just IPV4 addresses.  I don't have a list for IPV6.

MaxMind has a GeoIP by country database available.  http://www.maxmind.com/en/geolocation_landing   I don't know if it can be used by the server without a program.
0
 
MajorBigDealConnect With a Mentor Commented:
I think that is overkill, likely to create problems and not be effective.  When you see an address misbehaving you could just add it to your hosts.deny file.  That way if you get push back because someone can't get to your website because you have denied their IP, you have a solid, documented reason and explanation.

There is software available (like fail2ban or denyhosts) that can do this for you automatically.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.