Htaccess - allow UK traffic only? - Apache Web Server forum at WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

Htaccess - allow UK traffic only?

logicred

9:00 am on Jun 16, 2010 (gmt 0)

All of my CMS designed sites ideally have a UK audience only and I am having trouble with spam and hacks from various countries.

I have visited www.countryipblocks.net and added a DENY rule to their top 10 countries which has resulted in a 10000 line file of IP addresses (is this bad?). Is it easier just to add an 'ALLOW' for all the UK based addresses? Whats the norm here?

Thanks

Frank_Rizzo

9:13 am on Jun 16, 2010 (gmt 0)

Country blocking is a blunt tool. Far better to block the spam itself.

What type of spam? anonymous posting comment spam? Turn it off, use a strong captcha.

Use something like modsecurity which can identify common hacks and allow you to create custom rules to identify anything suspcious, then block it or ban it all automatically.

logicred

9:41 am on Jun 16, 2010 (gmt 0)

Thanks Frank. That makes sense. I have many old CMS sites which have many vunerabilities. I am in the process of slowly migrating, but I also want to block for the future too. It just seems like an easy way to block by countries if the site traffic should just be UK based.

wilderness

12:53 pm on Jun 16, 2010 (gmt 0)

resulted in a 10000 line file of IP addresses (is this bad?).

For the longest while, I had most every country beyond the boundaries of North America denied access to my sites and my htaccess was approximately one-fifth of yours (or less than 2,000 lines), and with a considerable number of my lines being unrelated to same IP's.

The smaller quantity of lines is accomplished by combining IP's into larger groups or expressions. The latter a task of which the country database providers are incapable of doing (assuredly quite time consuming).
One such very small example [webmasterworld.com]

In summary, it's NOT a simple task and could require a task time of weeks or even months to accomplish, and even after that time spent, the IP's require monitoring due to re-allocations and/or exceptions.

jdMorgan

1:15 pm on Jun 16, 2010 (gmt 0)

How about Brits on holiday in Spain -- or Asia?

"Bloody rude, this site! Won't see a penny from me!"

Jim

wilderness

1:53 pm on Jun 16, 2010 (gmt 0)

How about Brits on holiday in Spain -- or Asia?

My providers tech used to vacation in Spain and it required making an exception for access.
Fortunately, I wasn't attempting to sell him any thing ;)

Frank_Rizzo

4:45 pm on Jun 16, 2010 (gmt 0)

Ex-pats / vacationers. Could have problems with your UK based AOL visitors too.

g1smd

6:04 pm on Jun 16, 2010 (gmt 0)

I have a site where Africa, South America, most of the Middle East and most of Asia is blocked. There's still a way for people to make contact, and in three years there's been precisely one email - from Australia - for a user in one small IP range accidentally blocked in error. The site focus is UK only, but Europe and North America can still see it, though the traffic from all of those places combined is way less than 1%, and most of those visits are bounces. The IP deny rules are less than 100 from memory.