Hello,

I don't know about you, but after years dealing with server stuff, when something looks SUPER OBVIOUS, I suspect something is fishy. Can I ask you for your opinion, please?

Basically, the question I'm asking myself is "why are people blocking countries with IP lists, when they could ban hostnames or country codes"...

As far as I know, for htaccess blocking, there are 3 possible sources, and 2 methods:

- Method 1:

    ErrorDocument 403 some_file_some_where
    <Limit GET HEAD POST>
    order allow,deny
    deny from .cn
    deny from .ru
    allow from all
    </Limit>

- Method 2:

    # Group the alternatives so both anchors apply to each country code
    RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CN|RU)$
    RewriteRule ^(.*)$ some_page_some_where [L]

- Source 1: block a hostname: .co.uk, .cn, .co.jp, .jp, etcetera, .ru, etcetera (as illustrated in Method 1)
- Source 2: block a super long list of detailed IP ranges from a country database like countryipblocks.net
- Source 3: block ISO 3166 country codes (as illustrated in Method 2)

And, see, using lists of IPs, it's bothersome: these lists must be updated frequently, and the lists can be VERY long and slow down the first loading of your website. On the other hand, using a hostname or a country code would take only one line per country, for heaven's sake!

Could it be that there are flaws with a method based on using hostnames or country codes, as opposed to lists of IPs? These methods aren't perfect, even banning proxy traffic isn't perfect, but in that regard all 3 methods share the same imperfection: the people who know their stuff will pass through anyway.

Or is it that, precisely, it looks so easy people don't trust it?

Thanks if you can give me your thoughts.
Using IP addresses, or better subnets, is much faster and requires no reverse DNS lookup, which makes Apache much faster. Leveraging GeoIP to get the information is better, but not as good as having the exact subnets. Using DNS names is both inefficient and ineffective.
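
To make the subnet-versus-hostname comparison in this thread concrete, here is an added example (not code from either poster) that collapses a country range list into the fewest CIDR blocks, emits the `deny from` lines, and checks sample clients against both a subnet match and a hostname-suffix match. All ranges, clients and reverse DNS names are constructed from documentation address space, and the function names are hypothetical.

```python
import ipaddress

# Constructed sample list (RFC 5737 documentation ranges, not real country data).
COUNTRY_RANGES = [
    "192.0.2.0/25", "192.0.2.128/25",   # adjacent halves merge into one /24
    "198.51.100.0-198.51.100.63",       # start-end form, as some lists publish
    "198.51.100.64/26",
    "203.0.113.16/28",
]
# Constructed clients: (IP, reverse DNS name or None when no PTR record exists).
CLIENTS = [
    ("192.0.2.10", "host10.example.cn"),
    ("192.0.2.200", None),
    ("198.51.100.70", "vps70.example.com"),
    ("203.0.113.200", "mail.example.org"),
]

def parse_range(text):
    """Turn 'a.b.c.d/nn' or 'start-end' into a list of networks."""
    if "-" in text:
        first, last = (ipaddress.ip_address(p.strip()) for p in text.split("-"))
        return list(ipaddress.summarize_address_range(first, last))
    return [ipaddress.ip_network(text.strip())]

def collapse(entries):
    """Merge overlapping and adjacent ranges so the .htaccess list stays short."""
    nets = [n for e in entries for n in parse_range(e)]
    return list(ipaddress.collapse_addresses(nets))

def to_htaccess(nets):
    """Render the Apache 2.2 style rules used in the question's Method 1."""
    body = [f"deny from {n}" for n in nets]
    return "\n".join(["order allow,deny", *body, "allow from all"])

def blocked_by_subnet(ip, nets):
    addr = ipaddress.ip_address(ip)
    return any(addr in n for n in nets)

def blocked_by_hostname(ptr, suffixes=(".cn", ".ru")):
    # 'deny from .cn' can only match when a reverse lookup returns such a name.
    return ptr is not None and ptr.lower().endswith(tuple(suffixes))

def compare(clients, nets):
    """Return (ip, subnet_hit, hostname_hit) for each client."""
    return [(ip, blocked_by_subnet(ip, nets), blocked_by_hostname(ptr))
            for ip, ptr in clients]

if __name__ == "__main__":
    nets = collapse(COUNTRY_RANGES)
    print(to_htaccess(nets))
    for row in compare(CLIENTS, nets):
        print(row)
```

Five list entries shrink to three `deny from` lines, and two of the three clients inside the listed ranges are missed by the hostname rule because they have no PTR record or one under a generic TLD.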