Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 88
  • Last Modified:

Blocking website in a geographical location

Can I block my website from the users from a particular geographical location?
0
CPSRI
Asked:
CPSRI
1 Solution
 
Giovanni HewardCommented:
Yes.  You can  obtain a list of IPs to block based on country @ http://www.ip2location.com/free/visitor-blocker

You can also other services such as IP2Location databases to create your own solution, see: http://www.ip2location.com/developers
0
 
Dr. KlahnPrincipal Software EngineerCommented:
On Linux, this is easy to do with the geoip plugin for iptables and the free geoip database from maxmind.com.  This does lockouts at the country level and it can be limited by port number.  In the example below I am blocking all traffic.

If you want specific blocking, maxmind also has a non-free service which will block down to city and county levels.

I use a shell script which loads through init.d at all levels during startup:

#/bin/sh

# /etc/iptables/script1
#
# This script is executed after script0 when /etc/init.d/iptables
# is called during the startup process.
#
# These rules are permanent lockouts of specific country codes as
# determined by the GeoIP database in /var/geoip.
#
# Note:  Keep the GeoIP database current using the shell scripts.

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
iptloc="/sbin/iptables"
declare -i sfail=0

# Delete all rules in any pre-existing chain
# $iptloc -F CountryLockouts
# Suppress error messages
$iptloc -F CountryLockouts > /dev/null 2> /dev/null

# Flush any pre-existing chain
# $iptloc -X CountryLockouts
# Suppress error messages
$iptloc -X CountryLockouts > /dev/null 2> /dev/null

# Declare a new iptables chain for these rules
$iptloc -t filter -N CountryLockouts
sfail=sfail+$?

# RULES BEGIN ============================================

# Anonymous Proxy
$iptloc -t filter -A CountryLockouts -m geoip --src-cc A1 -j REJECT
sfail=sfail+$?

# Abu Dhabi
$iptloc -t filter -A CountryLockouts -m geoip --src-cc AE -j REJECT
sfail=sfail+$?

#
# APPROXIMATELY 400 LINES OF EXCLUSIONS REMOVED HERE FOR EXAMPLE
#

# Zimbabwe
$iptloc -t filter -A CountryLockouts -m geoip --src-cc ZW -j REJECT
sfail=sfail+$?

# RULES END ============================================

# Return to the calling chain
$iptloc -t filter -A CountryLockouts -j RETURN
sfail=sfail+$?

# Now insert a call to this chain at the top of INPUT
$iptloc -I INPUT 2 -j CountryLockouts
sfail=sfail+$?

exit $sfail

Open in new window


(Note that this is the second chain added to INPUT, therefore the "2" in the last line that adds the chain.)
0
 
CPSRIAuthor Commented:
Thank you
0

Featured Post

When ransomware hits your clients, what do you do?

MSPs: Endpoint security isn’t enough to prevent ransomware.
As the impact and severity of crypto ransomware attacks has grown, Webroot fought back, not just by building a next-gen endpoint solution capable of preventing ransomware attacks but also by being a thought leader.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now