How to Block Entire Countries from Accessing Your Website
If you run a small business like a local bookstore, you may need to open a website to target your local audience on a larger platform. However, you have to understand that a website is accessible to the whole world. Since your content does not target people from other countries, you should not expect traffic from them.
You may need some sort of restrictions to minimize wastage of bandwidth on your servers. In the same way, you may also need restrictions for a personal or private website such as a family website.
As at January 2015, Chinese people contributed to the second largest volume of traffic on most websites in the US. While your website content might be useful to them, the traffic might be irrelevant to you. In fact, your site might not have the capability to even translate to the Chinese language. It is interesting to know that 99% of brute force attacks originate from China.
Having a large traffic is not the issue. However, the issue is that probably 99% of the traffic is bots, brute force attacks, and other vulnerabilities that can severely harm your website. The only solution is blocking the website from the unintended audience.
Blocking other countries does not apply to all websites. For instance, a hotel website may need to attract foreign visitors. If you run such a website, it is therefore prudent to ascertain whether blocking certain countries will affect your business. Below are some of the common ways to block foreign countries’ access to your website.
Trying to block the entire country through .htaccess might not be successful. Some hackers use advanced methods to do their dirty work. Blocking an IP just because it originates from a particular country does not address the problem in the long-run. Actually, in most cases, real hackers do not use their personal IP addresses and there is no guarantee that blocking the addresses will target the hacker.
There are over four billion IPv4 IP addresses and it can be very difficult to categorize them by country. In fact, such an endeavor might not be practical since your .htaccess config file will grow into thousands of lines of texts.
You can try using ip2location to see the number of lines it will take to block an entire country. For instance, you require over 150, thousand lines of texts to block the US. .htaccess option can only be effective for a handful of IP addresses and should be read on request and not cached.
Always use hosting companies that include blocking controls. There are two main types of inbuilt controls that the hosting companies should use; bare metal and shared hosting. Bare metal, also known as VPS helps you to have control over elements of the website such as the firewalls, hosting software and the control panel.
Although most hosting companies do not provide blocking countries as a default setting, they offer a basic firewall to blacklist unwanted addresses. On the other hand, a shared server comes with a control panel that will enable you to add IP addresses to the firewall.
Content Delivery Networks
Although this option may not provide you with all the solutions you need for your entire website, it can partially solve the issue of blocking other countries.
For instance, if your website deals with media files, you can use a CDN with in-built geo tools to block access of users from other countries. Some advanced CDNs are enabled with Geo-restriction that can help you block access by the country code.
Instead of using .htaccess that will cause thousands of lines in your website, you can use C library and Apache module. You will only need to place the database somewhere between the library and the module and simply block countries by codes.
For this option to work efficiently, you may need an advanced access to your servers. Alternatively, you can outsource services from companies offering such services. For example, Geolite2 from MaxMind is a free database for IP lookups. This database will enable you to handle traffic at your own convenience.
In summary, although some situations may require geo-restrictions and other firewall restrictions, you shouldn’t solely rely on .htaccess. Instead, you should involve CloudFlare, Incapsula, ModSecurity or other WAF solutions for protection against today’s security issues.
Even though some web administrators may be skeptic about blocking the access of your website from other countries, you may do so for added security. It is worth trying than leaving your website at the mercies of unverified access.