Hi, I need to block various countries from accessing my site (for reasons i won't go into right now... other than being compliant and meeting regulations with my payment provider... please don't make this the topic). I am not sure if it is best / easiest to block all of the my site or just certain page from these countries... anyway, my question is... what is the best way to block specfic countries... I have the GEO MaxMind database feeding into my site, however would querying each users IP address against my GEO database pull a lot of resources out of my site... can anyone suggest a better way to achieve this (if there is one...), thanks in advance...
The quickest way is to generate a .htaccess file with the IP addresses you want to block. For example: Say youwant to block Iraq & Afgahanistan http://www.ip2location.com/free/visitor-blocker Chose the 2 blocking countries, and generate the file, upload & done ... You need to repeat this process once in a while ...
It would add some latency to a request but is probably pretty fast. Have you benchmarked the time it takes their API to return a result for an IP address. Maxmind is used by enough organizations that I would bet it's negligible.
Thanks for the replies... If i ran it at htaccess level would i need need to enter in over 1000+ lines of code
Depends on how many users you want to block. Try & generate the .htaccess file from the site I gave you and see the result ...
Generally I'd go further than htaccess since that just blocks the http server. MOST of the time you are blocking certain countries (Nigeria or the Ukraine with their endless sleazy hackers for example) I would suggest doing it at the server level using iptables from the command line. iptables -A INPUT -s 192.168.1.100 -j DROP Replacing the desired IP address as appropriate. You can also nab an entire range of addresses thus: iptables -A INPUT iprange --src-range 192.168.1.100-192.168.1.200 -j DROP That blocks requests on ALL ports from that IP address -- You block the input, no requests from those addresses on http, ftp, ssh, telnet or any other service will be served.
Is there any site that will allow you to access a site from another country so that you can test your site against blocked countries?
If you are using FireFox/Chrome, download a proxy extension (ex: FoxyPro). Then enter the IP and Port of the country you want to use and refresh. There are many free proxy lists, this is the one I usually use for geo targeting testing: http://hidemyass.com/proxy-list/