Blocking website in a geographical location

Posted on 2014-12-29
Last Modified: 2015-03-21
Can I block my website from the users from a particular geographical location?
Question by:CPSRI
LVL 15

Expert Comment

by:Giovanni Heward
ID: 40523861
Yes.  You can  obtain a list of IPs to block based on country @

You can also other services such as IP2Location databases to create your own solution, see:
LVL 26

Accepted Solution

Dr. Klahn earned 500 total points
ID: 40529867
On Linux, this is easy to do with the geoip plugin for iptables and the free geoip database from  This does lockouts at the country level and it can be limited by port number.  In the example below I am blocking all traffic.

If you want specific blocking, maxmind also has a non-free service which will block down to city and county levels.

I use a shell script which loads through init.d at all levels during startup:


# /etc/iptables/script1
# This script is executed after script0 when /etc/init.d/iptables
# is called during the startup process.
# These rules are permanent lockouts of specific country codes as
# determined by the GeoIP database in /var/geoip.
# Note:  Keep the GeoIP database current using the shell scripts.

declare -i sfail=0

# Delete all rules in any pre-existing chain
# $iptloc -F CountryLockouts
# Suppress error messages
$iptloc -F CountryLockouts > /dev/null 2> /dev/null

# Flush any pre-existing chain
# $iptloc -X CountryLockouts
# Suppress error messages
$iptloc -X CountryLockouts > /dev/null 2> /dev/null

# Declare a new iptables chain for these rules
$iptloc -t filter -N CountryLockouts

# RULES BEGIN ============================================

# Anonymous Proxy
$iptloc -t filter -A CountryLockouts -m geoip --src-cc A1 -j REJECT

# Abu Dhabi
$iptloc -t filter -A CountryLockouts -m geoip --src-cc AE -j REJECT


# Zimbabwe
$iptloc -t filter -A CountryLockouts -m geoip --src-cc ZW -j REJECT

# RULES END ============================================

# Return to the calling chain
$iptloc -t filter -A CountryLockouts -j RETURN

# Now insert a call to this chain at the top of INPUT
$iptloc -I INPUT 2 -j CountryLockouts

exit $sfail

Open in new window

(Note that this is the second chain added to INPUT, therefore the "2" in the last line that adds the chain.)

Author Closing Comment

ID: 40680081
Thank you

Featured Post

NFR key for Veeam Backup for Microsoft Office 365

Veeam is happy to provide a free NFR license (for 1 year, up to 10 users). This license allows for the non‑production use of Veeam Backup for Microsoft Office 365 in your home lab without any feature limitations.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
SIEM traffic 5 60
how Adwords bidding happens 1 67
Setting up new vpn 15 67
Penetration Testing home based work 3 91
Owning a franchise can be the dream of a lifetime. It provides a chance for economic growth. You can be as successful as you want.  To make your franchise successful, you need to market it successfully. Here are six of the best marketing strategies …
Preparing an email is something we should all take special care with – especially when the email is for somebody you may not know very well. The pressures of everyday working life stacked with a hectic office environment can make this a real challen…
Learn how to set-up custom confirmation messages to users who complete your Wufoo form. Include inputs from fields in your form, webpage redirects, and more with Wufoo’s confirmation options.
Learn how to set-up PayPal payment integration in your Wufoo form. Allow your users to remit payment through PayPal upon completion of your online form. This is helpful for collecting membership payments, customer payments, donations, and more.

830 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question