Introduction
Sometimes, website owners need to restrict website access based on geographical location. This can be for many reasons, such as to prevent malicious traffic, comply with regulations, or to limit access to a specific audience. For end users and administrators who need to do this on a per-domain basis, the best option is to use a user level .htaccess block to restrict traffic for specific websites on the server.
Please note that using the .htaccess as a firewall may result in significant website slowness as each of these rules are checked for each connection.
Procedure
To start, you will need to retrieve a list of IP addresses that match the location you want to block. This can be done third party tools, one example of such a tool is the third party database IP2Location which focuses on generating blocks for specific countries. You can find a link to this blocker in the Additional Resources section below.
Once you have this list of IP addresses, you will need to add this to the website in question's.htaccess file. The .htaccess that you add this to will matter, and you will need to ensure it's the one that is located within the websites document root. If for some reason a .htaccess does not exist within the document root of the website it can be created by the end user. Information about how to find the document root if needed is below in the Additional Resources section.
Once the .htaccess in question is located, you will need to edit it and either insert the lines from the Firewall.txt that was downloaded from the IP2Location Firewall API or If you are adding these manually using a list of known IP addresses you will need to add them to the file using the format below.
<RequireAll>
Require all granted
Require not ip10.5.3.33
Require not ip10.5.3.34
Require not ip10.5.3.35
Require not ip10.5.3.36
</RequireAll>
Once added and saved, IP addresses configured within the rules will not be able to access the website in question.
Alternative Scenarios
1. What if I wanting to prevent traffic from specific countries from being able to log into services on the server?
If instead you are looking for a method to prevent specific countries or locations from being able log into specific services on the server, we do have the cPhulk software which is able to prevent login attempts from specific countries. More information on that can be found here:
Can I block a country from logging into a service on my server?
This will not prevent users from this country from accessing the server's websites, but will prevent them from logging into cPanel, WHM, SSH, FTP, and Exim/Dovecot.
2. What if I want to prevent traffic from specific countries from accessing the completely at the firewall level?
While cPanel does not have a specific tool for this, the third party firewall CSF by ConfigServer does have this functionality to block requests from specific countries. You can read more about this here:
How to block countries in CSF firewall
Imunify360 also has this functionality, with steps on this from their official documentation here:
imunify360: how to add a country manually to deny list
Comments
0 comments
Article is closed for comments.