chetas,

IP addresses are assigned in blocks, and there is no guarantee that any block won't be assigned to a different country than the one immediately preceding it. Also, these assignments can change over time.

So, you'll need to sign up for a "geo-IP" service that keeps up with all of this for you, and then implement a remote procedure call to that service for each request. This will require httpd.conf access on your server, so you may need a dedicated server.

Alternately, you can simply note the IP address ranges that are causing you the most problems, and block those yourself. If you limit the blocking to 255-address ranges, you won't accidentally block the wrong country.

It's probably cheaper to screen your e-mail...

Jim

ahh thanks.

i dont think i want to do geo-targeting as it seems like to much work and effort to keep up todate.

i thought that maybe the ip addresses were assisned so you could work out from the first three digits which country they work in, hmm like how our international telephone numbering system works but im obviously wrong. :(

If someone is satisfied that anyone originating from (example only) A1.0.0.0 - A3.255.255.255 is not a potential customer, shouldn't the following work to latch the barn?:

RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^A1\.$ [OR]
RewriteCond %{REMOTE_ADDR} ^A2\.$ [OR]
RewriteCond %{REMOTE_ADDR} ^A3\.$
RewriteRule ^.*$ - [F]

Well, almost...

RewriteEngine on
RewriteCond %{REMOTE_ADDR} ^A1\. [OR]
RewriteCond %{REMOTE_ADDR} ^A2\. [OR]
RewriteCond %{REMOTE_ADDR} ^A3\.
RewriteRule .* - [F]

The problem is not one of implementation, it's one of identification. The big IP address blocks are not assigned in any organized way, so the problem is figuring out which address ranges to block and how big the blocked range should be. As discussed in other threads, if you block large chunks of addresses from China, then you will also inadvertently block Australia and New Zealand because they have been assigned lots of little address spaces within the "Chinese" address ranges.

So, like I said, you have to be careful not to get carried away and start banning huge blocks of addresses unless you are willing to thoroughly investigate all of the smaller ranges within (65,535-address and/or 255-address chunks).

With that in mind, to be safe, you want to start small by specifying 255-address chunks after looking them up in ARIN or RIPE or APNIC, etc.

RewriteEngine on
# small block - 255 addresses
RewriteCond %{REMOTE_ADDR} ^192\.0\.0\. [OR]
# small block - 255 addresses
RewriteCond %{REMOTE_ADDR} ^192\.0\.3\. [OR]
# bigger block from 192.1.5.0 to 192.1.255.255
RewriteCond %{REMOTE_ADDR} ^192\.1\.([5-9]¦[1-9][0-9]¦[12][0-9][0-9])\.
RewriteRule .* - [F]

Jim

> shouldn't the following work to latch the barn?

Short answer - no.

Long answer - you're close...

RewriteCond %{REMOTE_ADDR} [b]^A1\.$[/b] [OR]

The test condition of the RewriteCond - ^A1\.$ - will only match A1. - nothing more & nothing less. In plain English, the test says, "Check the visitor's IP address; if it starts with an 'A' and is immediately followed by a '1' and is immediately followed by a 'dot' which ends the IP address, forbid them."

Of course, there's more to an IP address than the first number... The only problem with the above RewriteCond's is the ending anchor, the dollar sign. Rewritten like this...

RewriteCond %{REMOTE_ADDR} ^A1\. [OR]

...gives you the behaviour you expect.

Always a helpful reference: Using regular expressions. [etext.lib.virginia.edu]

<added>Don't grab a coffee while in the middle of posting - Jim will beat you to it.</added>