blocking several countries

         

Saturn

3:44 am on Jan 2, 2009 (gmt 0)

10+ Year Member



Hello, I use this in my .htaccess to block users from a certain country (Nigeria here) from accessing my website.

ErrorDocument 403 /errors/errors.php?c=Nigeria
order allow,deny
allow from all
#
deny from 41.204.224.0/19
deny from 41.205.160.0/19
...
deny from 213.166.160.0/19
deny from 213.181.64.0/19

It works perfectly for me, but I need to block other countries. I add their subnets and ranges to the .htaccess file, but I want to have a specific redirect for each country.

I tried something like this:

ErrorDocument 403 /errors/errors.php?c=Nigeria
order allow,deny
allow from all

<IP addresses here>

ErrorDocument 403 /errors/errors.php?c=Kuwait
order allow,deny
allow from all

<IP addresses here>

But that failed, ideas please?

[edited by: jdMorgan at 4:05 am (utc) on Jan. 2, 2009]
[edit reason] No links to expiring content, please. [/edit]

hostanything

4:00 am on Jan 2, 2009 (gmt 0)

10+ Year Member



I use a geotargeting database from [ip2location.com...] to block and redirect surfers from certain countries, states, and cities. They have some premade scripts and I think the country only database is free or really cheap. I've heard there is even one or two free ones out there I'm sure you could find with some googling. An example of how I use it on one of my sites is...

RewriteEngine on

# Blocking Script
RewriteCond %{HTTP_COOKIE} !.*allowed.*
RewriteRule /* http://www.example.com/ipcheck.php?request=%{REQUEST_URI} [L,R]
# End Blocking Script

On my site the lines above are in my .htaccess file located in a sub folder. It checks to see if the surfer has an "allowed" cookie; if not, they are sent to the IP checking script that checks the surfer's IP address and determines if it's in the database. If it is in the database the script redirects the user away to another site.

Not sure if that's what you're looking for but it's an alternate approach I use and have been very happy with.

Regards, Wayne

[edited by: jdMorgan at 4:06 am (utc) on Jan. 2, 2009]
[edit reason] example.com [/edit]

wilderness

7:32 am on Jan 2, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



It would be more effective to accomplish what you desire using mod_rewrite, rather than mod_access

Saturn

11:15 am on Jan 2, 2009 (gmt 0)

10+ Year Member



Sorry at the expiring link, there's an active one.

@hostanything
That would take some time to check the other website, hence why I use a list of subnets in .htaccess

@wilderness
How do you suggest to do that?

------
I would still like to use my method, is it possible? Oh, and is it possible for .htaccess to read from files? Means:

ErrorDocument 403 /noaccess/countries.php?c=Nigeria
order allow,deny
allow from all
<a file where all Nigeria subnets here and deny them>

For example. Thanks.

[edited by: jdMorgan at 3:35 pm (utc) on Jan. 2, 2009]
[edit reason] No links, please. [/edit]

hostanything

2:20 pm on Jan 2, 2009 (gmt 0)

10+ Year Member



Not sure if I was clear, I purchase a database subscription from them which sends me updates every month. I use my own database on my server to check what country the surfer is coming from. Similar setup to what you see on all these dating ads where it says "find girls in [insert your city]" :)

IPs change all the time so the advantage to using a database system to block or redirect users is it's easy to update. I run a cron job once a month to download my database updates.

Wayne

Saturn

2:56 pm on Jan 2, 2009 (gmt 0)

10+ Year Member



Thanks Wayne.

I unfortunately can't buy this for a couple of reasons, that's why I am sticking to .htaccess, maybe I can find a way to do multiple redirects.

Probably Jim knows a way?

wilderness

5:22 pm on Jan 2, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



@wilderness
How do you suggest to do that?

Here's lines for your Nigerian example (please note: Error Document path and variable path may require correction prior to use; I do not use either).

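# Deny access from IP ranges and redirect to the Nigerian error document
# Activate the Rewrite Engine, unless activated previously
RewriteEngine on
# Match the client address against each range; every range line but the last needs [OR]
RewriteCond %{REMOTE_ADDR} ^41\.204\.2(2[4-9]¦[345][0-9])\. [OR]
RewriteCond %{REMOTE_ADDR} ^41\.205\.1([678][0-9]¦9[01])\.
# Skip the error page itself (REQUEST_URI carries no query string) to avoid a redirect loop
RewriteCond %{REQUEST_URI} !^/errors/errors\.php$
RewriteRule !^contact\.html$ http://www.example.com/errors/errors.php?c=Nigeria [L]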

Corrections required prior to use for forum breaking of the pipe character.

You'll need to implement a similar section for each country (including IP ranges) that you desire to deny access and/or redirect.

If more than a single IP range is used, the [OR] is required for each IP range that is above the last line of IP ranges. On multiple IP ranges, the last line is absent the [OR].

jdMorgan

9:16 pm on Jan 2, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



In order to return a proper 403 error response status, this needs to be a three-step process. Building on what Wilderness posted above, we get:

# Declare the default custom 403 error page
ErrorDocument 403 /errors/errors.php
#
# Activate the Rewrite Engine (this line not needed if already done previously)
RewriteEngine on
#
# Invoke a 403-Forbidden response to requests from Nigeria
# and set the "Denied_Country" server variable
RewriteCond %{REMOTE_ADDR} ^41\.204\.2(2[4-9]¦[345][0-9])\. [OR]
RewriteCond %{REMOTE_ADDR} ^41\.205\.1([678][0-9]¦9[01])\.
RewriteRule !^errors/errors\.php$ - [E=Denied_Country:Nigeria,F]
#
# ... similar code block for Kuwait goes here...
#
# If the "Denied_Country" server variable is valid and we haven't already done it, rewrite
# the custom 403 error page request to add the specific denied-country query string.
# (On the internal redirect to the ErrorDocument, Apache renames variables set on the
# original request with a REDIRECT_ prefix.)
RewriteCond %{QUERY_STRING} !^c=[a-z]+$ [NC]
RewriteCond %{ENV:REDIRECT_Denied_Country} ^([a-z]+)$ [NC]
RewriteRule ^errors/errors\.php$ /errors/errors.php?c=%1 [L]

As previously mentioned, replace the broken pipe "¦" characters with solid pipe characters before use; posting on this forum breaks the pipe characters. Completely flush your browser cache before testing any new server-side code.

Untested code, no warranty... :)

Jim

Saturn

9:25 pm on Jan 2, 2009 (gmt 0)

10+ Year Member



Hi wilderness
What if I want to block subnets? 41.12.0.0/24 for example, several ones? What do I use?

jdMorgan

11:28 pm on Jan 2, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



Basically, you can't accomplish everything you want to do using CIDR or subnet notation. The modules in Apache that recognize CIDR and subnet notations cannot handle conditional operations or set variables, and the Apache modules that can set variables and handle conditional execution don't understand subnets and CIDR notation. So you must convert these to address ranges, and then convert those ranges to regular-expression patterns as in the examples above.

Another alternative would be to rewrite all requests to a single script, and have your script parse out the subnets and CIDR notations, do your IP authentication, serve all files, and handle all errors, cache control, etc... This is just one of those "Sounds easy, but it ain't" kind of things...

Jim
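
An added example, not code from any poster in this thread: a Python helper that performs the CIDR-to-range-to-regex conversion described above and emits RewriteCond lines in the shape of the 403 rule posted earlier. The function names are made up for this example, IPv4 only is assumed, and the output uses real pipe characters.

```python
import ipaddress
import re
from itertools import groupby

def octet_range_regex(lo, hi):
    """Regex matching exactly the decimal integers lo..hi (one IPv4 octet)."""
    parts = []
    for tens, nums in groupby(range(lo, hi + 1), key=lambda n: n // 10):
        digits = [n % 10 for n in nums]          # contiguous last digits
        cls = str(digits[0]) if len(digits) == 1 else f"[{digits[0]}-{digits[-1]}]"
        parts.append((str(tens) if tens else "") + cls)
    return parts[0] if len(parts) == 1 else "(" + "|".join(parts) + ")"

def cidr_to_regex(cidr):
    """Anchored pattern for %{REMOTE_ADDR} covering every address in an IPv4 CIDR."""
    net = ipaddress.ip_network(cidr, strict=True)   # rejects host bits set
    if net.version != 4:
        raise ValueError("IPv4 only")
    first, last = net.network_address.packed, net.broadcast_address.packed
    full, rem = divmod(net.prefixlen, 8)            # whole octets fixed, bits left over
    pattern = "^" + "".join(f"{b}\\." for b in first[:full])
    if rem:                                         # prefix ends inside this octet
        pattern += octet_range_regex(first[full], last[full]) + "\\."
    if full + bool(rem) == 4:                       # pattern reaches the last octet
        pattern = pattern[:-2] + "$"
    return pattern

def rewrite_block(country, cidrs):
    """RewriteCond/RewriteRule lines in the shape of the 403 rule posted above."""
    if not re.fullmatch(r"[A-Za-z]+", country):     # keep the E= value config-safe
        raise ValueError("country must be letters only")
    conds = [f"RewriteCond %{{REMOTE_ADDR}} {cidr_to_regex(c)}" for c in cidrs]
    lines = [c + " [OR]" for c in conds[:-1]] + conds[-1:]
    lines.append(f"RewriteRule !^errors/errors\\.php$ - [E=Denied_Country:{country},F]")
    return "\n".join(lines)

def matches(cidr, addr):
    """True if the generated pattern matches addr, as mod_rewrite would test it."""
    return re.search(cidr_to_regex(cidr), addr) is not None

if __name__ == "__main__":
    # Ranges taken from the first post and from the /24 question.
    print(rewrite_block("Nigeria", ["41.204.224.0/19", "41.205.160.0/19", "41.12.0.0/24"]))
```

Checking the generated patterns against addresses just inside and just outside each range, as `matches()` does, catches off-by-one mistakes before the rules reach a live .htaccess.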

g1smd

11:39 pm on Jan 2, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



Maybe someone might like to roll all that stuff together and code it up as a new Apache Module or something? :-)

wilderness

12:15 am on Jan 3, 2009 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



What if I want to block subnets? 41.12.0.0/24 for example, several ones? What do I use?

do a google on "Online IP CIDR Supernet Calculator"

Saturn

12:46 am on Jan 3, 2009 (gmt 0)

10+ Year Member



Thank you everybody :-)