Blocking countries with .htaccess

Forum Moderators: phranque

Message Too Old, No Replies

Blocking countries with .htaccess

how do I do it? and will it place a strain on the server?

callivert

8:44 am on Jul 7, 2009 (gmt 0)

I have a site that gets a lot of spam from China. I'd like to just block China through .htaccess, and maybe Russia too, since most visitors from those locations seem to be spammers and hackers and cause nothing but trouble.

Now, before someone says "it's hopeless because you can't block them all" or "even if you do that, they can still use proxies to see your site", I know that. I'm not looking for perfection. I'd just like to reduce the flood to a trickle. A trickle is better than a flood.

Anyway, I found a site that generates a .htaccess file to block countries, but the .htaccees file it created was several thousand lines long. Is that either necessary or reasonable? Do you really need thousands of lines of code to block a few countries? If you do, does it slow down server response time or will an apache web server process it in a mere blink of an eye? Is there another way?

wilderness

1:16 pm on Jul 7, 2009 (gmt 0)

I've most non-North American countries denied, as well as many other criteria and my htaccess is just under 2k in lines.

The following examples are not the country specifics that your looking for, however are meant to provide insight into methods and beginnings.

[webmasterworld.com...]
[webmasterworld.com...]
[webmasterworld.com...]

FormosaKing

2:55 pm on Jul 7, 2009 (gmt 0)

This is what I use and it's working quite well for me so far:

[maxmind.com...]

wilderness

3:16 pm on Jul 7, 2009 (gmt 0)

This is what I use and it's working quite well for me so far:

These databases provided items require condensing, rather than multiple lines.
Ex:
three lines under China (a solitary example):
119.44.0.0119.45.255.255
119.48.0.0119.55.255.255
119.57.0.0119.58.255.255

May all be condensed onto a solitary line.
RewriteCond %{REMOTE_ADDR} 119\.(4[45]¦4[89]¦5[0-5]¦5[78])\. [OR]

Please note; forum breaks pipe character and requires correction.

I'm not aware of any software or website that provides an automated process of this conversion/condensing.

Pfui

8:47 pm on Jul 7, 2009 (gmt 0)

Coincidentally, just this week I finally decided to block ALL of China and ALL of IRAN because of Zombies and Botnets.

But rather than pick through the mod_rewrites required for a gazillion non-contiguous CIDRs, I simply removed all the single denials and rewrites I'd added over the years and then copy-pasted the following "Deny From" lists whole-hog:

[remotetm.net...]
[remotetm.net...]

(China's list is predictably long, but the server just breezes through. Plus no mod_rewrite logging for the gaggle of China-related rewrites I had saves server time and space.)

Free, oft' updated files in different formats (see the "County Codes" menu) and loads of countries from which to choose.And there's no catch -- at least not yet!

Hmm. Which Zombie-laden country should I block next via .htaccess deny format [remotetm.net]? Saudi Arabia... The Koreas...