Solved

Blocking website in a geographical location

Posted on 2014-12-29
3
85 Views
Last Modified: 2015-03-21
Can I block my website from the users from a particular geographical location?
0
Comment
Question by:CPSRI
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
3 Comments
 
LVL 15

Expert Comment

by:Giovanni Heward
ID: 40523861
Yes.  You can  obtain a list of IPs to block based on country @ http://www.ip2location.com/free/visitor-blocker

You can also other services such as IP2Location databases to create your own solution, see: http://www.ip2location.com/developers
0
 
LVL 28

Accepted Solution

by:
Dr. Klahn earned 500 total points
ID: 40529867
On Linux, this is easy to do with the geoip plugin for iptables and the free geoip database from maxmind.com.  This does lockouts at the country level and it can be limited by port number.  In the example below I am blocking all traffic.

If you want specific blocking, maxmind also has a non-free service which will block down to city and county levels.

I use a shell script which loads through init.d at all levels during startup:

#/bin/sh

# /etc/iptables/script1
#
# This script is executed after script0 when /etc/init.d/iptables
# is called during the startup process.
#
# These rules are permanent lockouts of specific country codes as
# determined by the GeoIP database in /var/geoip.
#
# Note:  Keep the GeoIP database current using the shell scripts.

PATH=/usr/local/sbin:/usr/local/bin:/sbin:/bin:/usr/sbin:/usr/bin
iptloc="/sbin/iptables"
declare -i sfail=0

# Delete all rules in any pre-existing chain
# $iptloc -F CountryLockouts
# Suppress error messages
$iptloc -F CountryLockouts > /dev/null 2> /dev/null

# Flush any pre-existing chain
# $iptloc -X CountryLockouts
# Suppress error messages
$iptloc -X CountryLockouts > /dev/null 2> /dev/null

# Declare a new iptables chain for these rules
$iptloc -t filter -N CountryLockouts
sfail=sfail+$?

# RULES BEGIN ============================================

# Anonymous Proxy
$iptloc -t filter -A CountryLockouts -m geoip --src-cc A1 -j REJECT
sfail=sfail+$?

# Abu Dhabi
$iptloc -t filter -A CountryLockouts -m geoip --src-cc AE -j REJECT
sfail=sfail+$?

#
# APPROXIMATELY 400 LINES OF EXCLUSIONS REMOVED HERE FOR EXAMPLE
#

# Zimbabwe
$iptloc -t filter -A CountryLockouts -m geoip --src-cc ZW -j REJECT
sfail=sfail+$?

# RULES END ============================================

# Return to the calling chain
$iptloc -t filter -A CountryLockouts -j RETURN
sfail=sfail+$?

# Now insert a call to this chain at the top of INPUT
$iptloc -I INPUT 2 -j CountryLockouts
sfail=sfail+$?

exit $sfail

Open in new window


(Note that this is the second chain added to INPUT, therefore the "2" in the last line that adds the chain.)
0
 

Author Closing Comment

by:CPSRI
ID: 40680081
Thank you
0

Featured Post

On Demand Webinar: Networking for the Cloud Era

Did you know SD-WANs can improve network connectivity? Check out this webinar to learn how an SD-WAN simplified, one-click tool can help you migrate and manage data in the cloud.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Most of the applications these days are on Cloud. Cloud is ubiquitous with many service providers in the market. Since it has many benefits such as cost reduction, software updates, remote access, disaster recovery and much more.
A great marketing strategy is diverse.  Read about the not so popular, yet effective, marketing tactics you can start using today!
Viewers will get an overview of the benefits and risks of using Bitcoin to accept payments. What Bitcoin is: Legality: Risks: Benefits: Which businesses are best suited?: Other things you should know: How to get started:
If you're a developer or IT admin, you’re probably tasked with managing multiple websites, servers, applications, and levels of security on a daily basis. While this can be extremely time consuming, it can also be frustrating when systems aren't wor…

628 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question