need to allow visitors from certain countries only

Forum Moderators: phranque

Message Too Old, No Replies

need to allow visitors from certain countries only

ronaldv

3:18 am on Sep 7, 2007 (gmt 0)

Hi to all! This is my first post here!

I manage a dating site and scammers from around the world register with it everyday. I've been using .htaccess to block whole countries but the list is growing too much and now I'm thinking to use the opposite approach: allow visitors to my register page only from usa and canada. How could I do this?

What happens if my .htaccess file is about 800kB? Does it use my web hosting bandwidth?

Thanks!

Wlauzon

11:06 am on Sep 7, 2007 (gmt 0)

We have about 50 countries totally blocked with about 15 lines.

Not sure if htaccess allow CIDR notation like 58.0.0/8

[subnet-calculator.com...]

[edited by: Wlauzon at 11:07 am (utc) on Sep. 7, 2007]

charlier

11:13 am on Sep 7, 2007 (gmt 0)

If you have php on your site you can do this quite easily with geo_ip. It will tell you what country the visitor is from and you can show a different page to non-us and canada visitors.

ronaldv

2:37 pm on Sep 7, 2007 (gmt 0)

Hi charlier, my website uses .tpl files but shows them as .html pages

Wlauzon, how could I use [subnet-calculator.com...] to get all IPs from USA?

I have a list of USA IPs in the following format:

deny from 60.254.128.0/18
deny from 163.60.0.0/16
...

but its a .txt file of 980kb

Wlauzon

9:33 pm on Sep 7, 2007 (gmt 0)

That site only does the conversion to a CIDR, you have to get the IP's from other sources, but [ipdeny.com...] has a complete listing and will even make some of the lists for you. It also lists quite a few of the CIDR's for specific countries.

We use both sites quite often to keep our ecommerce site blocks up to date, since we started blocking most African and China and a few others, our fraud orders have dropped 90%.

Blocking US numbers might be a problem because it has so many, but see here for some links [en.wikipedia.org...]

[edited by: Wlauzon at 9:36 pm (utc) on Sep. 7, 2007]

Reno

9:54 pm on Sep 7, 2007 (gmt 0)

We have about 50 countries totally blocked with about 15 lines.

That's incredible. If you are allowed to provide those 15 lines in a posting here, we will chant your name in high praise under the next full moon!

..................................

Wlauzon

12:41 am on Sep 8, 2007 (gmt 0)

Hmm it won't let me do a cut and paste, so I will just post a few of them manually. Make sure you check the countries so you don't ban something you want to allow. Mostly we block the majority of the ex-Soviet block and nearly all of Africa except South Africa. Our list is mainly to stop the fraud, so it may not apply if you are blocking for other reasons.

41.0.0.0/8
58.0.0.0/8
59.0.0.0/8
60.0.0.0/8
61.0.0.0/8
77.0.0.0/8
78.0.0.0/8
79.0.0.0/8
80.0.0.0/4 (as I recall, this one blocks all IP's registered with Afrinic but you might want to check, I made up list months ago and forgot some)
81.0.0.0/8
82.0.0.0/8
83.0.0.0/8
194.0.0.0/8
195.0.0.0/8
196.0.0.0/8
213.0.0.0/8
217.0.0.0/8
62.0.0.0/8

Those are the main ones. We also have a few subregions banned, like in the 212 range, but you have to be careful with some - for example 212 covers some spam countries but also some like Iceland and Denmark.

[edited by: Wlauzon at 12:44 am (utc) on Sep. 8, 2007]

Reno

2:30 am on Sep 8, 2007 (gmt 0)

Thank you! Not only will this help with cutting down on the possibility of fraud, but for those of us who never do any business whatsoever outside of the USA, it will save a ton of bandwidth. Much appreciated...

............................