Block Countries by IP Address – htaccess CIDR IP Address Block

Home Forums BulletProof Security Pro Block Countries by IP Address – htaccess CIDR IP Address Block

Tagged: , , ,

  • This topic has 4 replies, 2 voices, and was last updated 9 years ago by Mike.
Viewing 5 posts - 1 through 5 (of 5 total)
  • Author
    Posts
  • April 24, 2015 at 5:18 pm #22189
    Mike
    Participant

    Is it possible to restrict access from specific countries from viewing a site in a browser or logging into a site from specific countries?

    April 24, 2015 at 6:05 pm #22193
    AITpro Admin
    Keymaster

    Yes. You can do that by using CIDR blocks of IP addresses, BUT I strongly recommend that you do not waste your time with doing that.  BPS Pro has your site completely protected so the only reason I can think of to block entire countries would be because your Bandwidth is limited.  These days most hosting comes with unlimited Bandwidth.  See this forum topic for several months of research we did on blocking IP address and by country and using CIDR IP blocks:  http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/  The end result of all that research was we created JTC Anti-Spam|Anti-Hacker and abandoned trying to block millions of IP addresses since we discovered it is not really effective, time consuming and frankly a very dumb approach.  😉

    If you do decide to mess around with this then this site:  http://www.ipdeny.com/ipblocks/ has agregrated CIDR IP Blocks for countries.

    See this forum topic link for more explanation about why blocking by IP addresses is completely ineffective and a waste of time: http://forum.ait-pro.com/forums/topic/blocked-attempts-but-no-automatic-blocking-of-ip/#post-24854

    April 24, 2015 at 8:51 pm #22200
    Mike
    Participant

    I have 1 client site that doesn’t want certain countries access their site. Currently they are using the WordFence plugin to handle that. I believe it throws a 403 error. I’d like to remove WordFence from their site and put up BPS. Is there something I can put inside the custom code area?

    April 25, 2015 at 7:39 am #22206
    AITpro Admin
    Keymaster

    Let’s say your client wants to block China IP addresses.

    1. You would get the aggregated CIDR IP block of China IP addresses from here:  China CIDR IP Address Block
    2. Copy the CIDR IP Address Block to a text file on your computer or a code editor application so that you can do a find and replace to add “Deny from” in front of all IP addresses. Example: Deny from 27.8.0.0/13
    3. Add this code at the top of the CIDR IP Address block of IP addresses:

    # BLOCK/FORBID Chinese Spammers by CIDR Blocks
Order Allow,Deny

    4. Add this code at the bottom of the CIDR IP Address block of IP addresses:

    Allow from all

    5. Copy your edited CIDR Block of IP addresses to this Root Custom Code text box: CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here
    6. Click the Save Root Custom Code button.
    7. Go to the BPS Security Modes page and click the Root Folder BulletProof Mode Activate button.

    Example of what the CIDR IP address block code will look like after you have edited it and added “Deny from” above:  http://forum.ait-pro.com/forums/topic/buddypress-spam-registration-buddypress-anti-spam-registration/#post-6906

    Another Example of allowing ONLY US IP addresses instead of blocking other countries IP addresses.  It is ALWAYS better to “allow” vs “block”.

    https://wordpress.org/support/topic/how-do-i-block-visitor-traffic-from-other-countries?replies=2#post-7070813

    I highly recommend that you do not bother with doing this, but if you want to do this then the correct way to do this is to “allow” vs “block”. ie allow only IP addresses from your country instead of blocking all of the other IP addresses from all other countries.

    You can get CIDR IP address blocks from this website:  http://www.ipdeny.com/ipblocks/

    Using the USA IP CIDR block of IP addresses for this example, these are the steps to add the code to BPS Custom Code:

    1. Click on the US aggregated zone file link:  http://www.ipdeny.com/ipblocks/data/aggregated/us-aggregated.zone.
    2. Copy the US CIDR IP Address Block to a text file on your computer or a code editor application so that you can do a find and replace to add “Allow from” in front of all IP addresses. Example: Allow from 3.0.0.0/8
    3. VERY IMPORTANT: Add the “Order Allow,Deny” code at the top of the CIDR IP Address block of IP addresses:

    # Allow ONLY US IP Addresses
Order Allow,Deny
Allow from 3.0.0.0/8
Allow from 4.0.0.0/8
etc etc etc

    3. Copy your edited CIDR Block of IP addresses/code from your text file into this BPS Root Custom Code text box: CUSTOM CODE BOTTOM HOTLINKING/FORBID COMMENT SPAMMERS/BLOCK BOTS/BLOCK IP/REDIRECT CODE: Add miscellaneous code here
    4. Click the Save Root Custom Code button.
    5. Go to the BPS Setup Wizard and run the Wizard.

    April 27, 2015 at 8:28 am #22240
    Mike
    Participant

    Okay thanks.

  • Author
    Posts
Viewing 5 posts - 1 through 5 (of 5 total)
  • You must be logged in to reply to this topic.