How to Block Countries from Your Website [8 Ways]
Obviously when you are the owner of a website, you’d want to allow visitors from all over the world to access your website. However, there are times when there is a need to block visitors from some countries on a certain webpage or vice versa. One good example is when you host a local contest online and you only want people from your own country to participate. Allowing visitors from your country while blocking the rest is the way to go, so there is no need to manually prune ineligible participants when choosing the winner. If you don’t have a powerful server that can handle the load created by unknown or unimportant bots, it is also best to temporarily block them from accessing your website.
The easiest way to block visitors from a country is by using .htaccess because we can do it ourselves through FTP without installing or messing with the iptables firewall rules. Here we have different places to obtain a generated country IP list in CIDR format for free and another method using a cloud-based web application firewall.
An important note if you want to block visitors by country using htaccess. Make sure you periodically generate a new list because the IP address database changes from time to time or else you might either miss or wrongly block visitor from other countries.
1. IP2LocationIP2Location has been around since 2002 selling IP geolocation databases. Other than that, they also offer a free database firewall list by country to either allow everyone in the IP address list and ban everyone else, or ban the IP addresses and allow everyone else. To generate the block list, select IPv4, select the country (if you require more than 1, you’ll need to sign up for a free account that allows up to 30 countries) and choose Apache .htaccess deny from the drop down menu. You will get to download a text file which is to be uploaded to your homepage’s directory as .htaccess. You’ll need to rename the file to .htaccess after uploading the text file because you can’t do it in Windows.
If you want to allow access only to specific countries, select the “Apache .htaccess allow” option instead. Although it is not mentioned if the free country IP database has limited or full accuracy, most of the time the free version is limited as it’s not constantly being updated. There is also no mention of when the database was last updated.
2. Country IP Blocks
Similar to IP2Location, Country IP Blocks also sells premium GeoIP databases and also offers free generation of an access control list to block or allow visitors from specific countries. To generate the block list, select the countries followed by selecting either .htaccess deny or .htaccess allow. Clicking the Create ACL button will instantly generate the data to be copied to the .htaccess file.
Country IP Blocks did mention that the generated data can be 30-60 days old whereby the purchased membership has access to the most current data.
3. BlockACountry.com
BlockACountry.com will be quite useful if you implement country blocking for a few websites because it generates block lists through profiles. You must first sign up for a free account. After logging in, you’ll need to provide a website address and select the country that you want to block, then you’re allowed to download the block list. Whenever you don’t recall the country that you’ve blocked, simply login to BlockACountry and click on the Edit link for the website.
4. IPdeny
IPdeny used to have an online firewall rule generator but it is now offline. You can however still download the IP blocks according to countries and make some minor modification so that it will be compatible with an Apache .htaccess allow or block list. First download the country zone file from IPdeny’s website. Do not open the text file with Notepad because the “\n” line breaks are not recognized in Notepad. Use Wordpad or third party programs such as Notepad++ to open it. First, you need to add these 3 lines to the top of the data.
<Limit GET HEAD POST>
order allow,deny
allow from all
Next, you need to add a prefix “deny from” followed by the IP blocks. Instead of manually adding the prefixes, you can use TextMechanic to do it. Copy and paste the IP blocks to the top box. Then add “deny from ” to the box that says “Add this prefix into the beginning of each line”. Make sure that there is a space after the word “from”. Finally click the “Add Prefix and/or Suffix” button.
Copy all the data from textmechanic.com and paste it into the text file replacing the old IP blocks. Finally, add a closing tag of </Limit> at the end of the list. You now have a fully working block list based on IPdeny’s IP blocks.
5. Country IP Range from RIPE
Ivan Erben has written a small and useful python script that can automatically download and parse ranges from RIPE (RIPE officially administers IP addresses). He has also scheduled the script to automatically run on his server every day at 12:00 and the generated IP blocks are available to download for free.
This python script is brilliant because the IP blocks are from the official group that governs the use of IP address and it’s updated daily. The only thing is you’ll need to follow the instructions in method number 4 to make the list Apache compatible.
Download Country IP Range from RIPE
6. Software77 IP to Country Database
Another place to obtain country IP listings in CIDR format is software77.net. It is a webhosting and domain name registration company but they offer a free IP to Country database. At the right hand sidebar, select the country that you want to obtain the IP address list, select CIDR format and click Submit.
At the next page refresh, a report will be made available where you can copy the data. The IP address list is also a plain CIDR format, so you’ll need to make it Apache .htaccess compatible as well.
Visit Software77 IP to Country Database
7. LUDOST.NET
You can find IP <-> Country databases at LUDOST.NET for free. This free service collects IP data from multiple sources mainly from RIPE. A good thing at LUDOST.NET is they offer several output format templates that are compatible with iptables, ipfw, Cisco/Apache/Ngix ACL.
To generate an IP database, first you need to input a list of countries based on the two letter country code (separated by space if you need to input multiple country codes), select the template and click the “Submit query” button. If you want to block visitors from countries using .htaccess, select the “apache-deny” template. When the data has been generated, you can save it to your computer by pressing Ctrl+S, upload the file to your web server and rename it to .htaccess.
8. Incapsula
Incapsula is one of the most popular cloud-based web application firewalls with the aim of protecting your website against attack and also to speed it up at the same time. There are a couple of plans but the free one is good enough to block visitors from a country. After setting up your website to use Incapsula, go to Settings > Security > Block Specific Sources. You can either type the name of the country in the box or click the “Select from List” where you get to choose from a list or by clicking on a world map. Finally, click on the Save button located at the top right.
The country blocking takes effect nearly instantly after saving the changes. The blocked user will see an access denied error with the error code 16 and an additional message “This request was blocked by the security rules”.
Additional Notes: For CloudFlare, you can find an option in “Threat Control” to block visitors from a country but be informed that this feature doesn’t fully ban the visitor from accessing the website. It merely provides an additional security check through CAPTCHA verification. The visitor can still access the website after correctly solving the CAPTCHA. CloudFlare did mention that they may implement full blocking in near future.
Thank you for this awesome article! IP2Location is great to go and it is free.
How to Allow or Block Visitors from Specific Countries On BLOGGER
Instead of blocking access to the entire website, is there a way to block access to a specific webpage (e.g. a blog post geared towards local residents) from specific country?
your best bet would be using PHP then.
It took me an hour to implement, and they have a code example on their github
Sorry, forgot to refer the website. I used ipstack, they have 10,000 free requests to geolocate an IP address per month
Good one. There is one more option – if you have to block the traffic at the Apache webserver level, you can use MaxMind’s GeoIP based blocking. More details here : cloudibee.com/geoip-based-country-blocking-for-apache/
Very much useful for me thanks for posting…
Hello
i want to block bots by GEO IP
just bots
how can i do it ?
Please Help me
Here is a much better way of utilizing IPdeny than using “deny from” directives (for more advanced Linux/Apache administrators).
You can develop a simple bash script to download ip addresses for a particular country (represented as a zone) from ipdeny.com. The bash command would be something like:
wget -qNP [dir] ipdeny.com/ipblocks/data/countries/XX.zone
Where [dir] is the directory you wish to store the zone file containing the list of ip addresses for the country; and XX is the two character country zone code.
You can then read the ip addresses into an ipset using the strategy described at: hueyise.com/index.php/linux-dynamic-ip-address-blocking… however, this strategy applies specifically to dynamically blocking malicious ip addresses (e.g., hackers) that are discovered during operations and blocking them immediately.
I successfully implement a tailored version of this strategy to automatically download ip addresses for certain countries once per day, and then read the ip addresses into an ipset defined for blocking inbound/outbound accesses by these countries.
Indians and Nigerians are the worst offenders. Blocking India out helped greatly, I was getting tired of spam, abuse, harassment.
awesome article….
cloudflare.com is also good but you’ll need to set custom page rules
I have enormous problems with Indian’s stealing content and basically raping my website and republishing it on theirs without permission.
Around 20% of my traffic came from India so when i blocked the entire country i thought i would lose 20% of my traffic.
Actually, my traffic has increased by over 30% after blocking India because i am preventing Indians from stealing my work and ideas.
On top of this, your site will not get as many low quality links from low authority spam sites in India.
You migh add myipblocker.com to your list. It’s awesome and free!
No need for .htaccess there. Once configured it handles all ip/country checking and redirects to a custom url when access is not granted. it works pretty well.
Hi, I just got pingback from you to my blog, nice :)
If you need wan’t to block access to website from specific country, it is better option to use mod_geoip for webserver, if it is possible. It is included in most distributions. Once installed you just put into .htaccess
GeoIPEnable On
GeoIPDBFile /path/to/GeoIP.dat
SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE CA AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE MX AllowCountry
# … place more countries here
Deny from all
Allow from env=AllowCountry
Check dev.maxmind.com/geoip/legacy/mod_geoip2/ for more documentation.
Hello Ray. Very interesting information. I’ve been looking for this since for a long time.
Thanks for another fantastic post hats off man, and please remember that there are many fans of ur fans esp from india :P
Thanks so much, Ray!
thanks for the information.
Good one Ray..