How to Block Visitors by Country Using .htaccess: A Step-by-Step Guide
When you own a website, you often want to allow visitors from everywhere. But sometimes, it’s necessary to block visitors from specific countries, such as when hosting a local contest or managing website traffic. Blocking countries can also help reduce bot activity and unwanted traffic on your site.
The easiest way to block or allow visitors from certain countries is through .htaccess without needing complex server configurations. You can do this with FTP and country-specific IP lists in CIDR format.
Important: Regularly update your IP lists, as IP address databases are constantly changing, and outdated lists can accidentally block legitimate traffic.
1. IP2Location
IP2Location has been a trusted provider of geolocation databases since 2002. They offer a free firewall database that lets you block or allow specific countries. You can generate the block list by selecting IPv4, the country (or countries), and choosing “Apache .htaccess deny” or “allow” from the menu.
Once generated, download the text file and upload it to your website’s root directory. Rename the file to .htaccess after uploading, as Windows doesn’t support that file extension.
Note: The free database may be limited and isn’t always up-to-date.
2. Country IP Blocks
Country IP Blocks offers a similar service, providing both premium and free GeoIP databases. You can select the countries you want to block or allow and then generate an access control list for .htaccess.
The free version may be 30–60 days old, while premium users get access to the most recent data.
3. BlockACountry.com
BlockACountry.com is useful for handling country blocking for a few websites. After signing up for a free account, you can create a block list by selecting a website and a country to block. You can edit your selections at any time by logging into your profile.
4. IPdeny
IPdeny offers downloadable country-specific IP blocks, though their online firewall generator is no longer available. To use their data, download the country zone file, open it in Notepad++ or WordPad (avoid Notepad), and add the appropriate code to make it compatible with .htaccess.
Here’s a sample modification for Apache compatibility:
pgsqlCopyEdit<Limit GET HEAD POST>
order allow,deny
allow from all
After adding the IP blocks, close the list with </Limit>.
5. Country IP Range from RIPE
For updated IP ranges, Ivan Erben’s Python script fetches daily IP data from RIPE (the official IP address administrator). Although you’ll need to modify the output to fit .htaccess, the script offers accurate, up-to-date data.
Download Country IP Range from RIPE
6. Software77 IP to Country Database
Software77 offers a free IP-to-country database. Choose the country you want, select CIDR format, and submit the form to generate the IP blocks. As with the others, you’ll need to convert it for .htaccess.
Visit Software77 IP to Country Database
7. LUDOST.NET
LUDOST.NET collects IP data from various sources, including RIPE, and provides it in several formats compatible with Apache, Nginx, and iptables. You can select countries by their two-letter codes and generate an access control list for .htaccess.
By following these steps, you can efficiently block or allow visitors from specific countries using .htaccess. Each method comes with its pros and cons, so it’s essential to choose the best fit for your needs. Always ensure your IP lists are updated regularly for the best results.
Thank you for this awesome article! IP2Location is great to go and it is free.
How to Allow or Block Visitors from Specific Countries On BLOGGER
Instead of blocking access to the entire website, is there a way to block access to a specific webpage (e.g. a blog post geared towards local residents) from specific country?
your best bet would be using PHP then.
It took me an hour to implement, and they have a code example on their github
Sorry, forgot to refer the website. I used ipstack, they have 10,000 free requests to geolocate an IP address per month
Good one. There is one more option – if you have to block the traffic at the Apache webserver level, you can use MaxMind’s GeoIP based blocking. More details here : cloudibee.com/geoip-based-country-blocking-for-apache/
Very much useful for me thanks for posting…
Hello
i want to block bots by GEO IP
just bots
how can i do it ?
Please Help me
Here is a much better way of utilizing IPdeny than using “deny from” directives (for more advanced Linux/Apache administrators).
You can develop a simple bash script to download ip addresses for a particular country (represented as a zone) from ipdeny.com. The bash command would be something like:
wget -qNP [dir] ipdeny.com/ipblocks/data/countries/XX.zone
Where [dir] is the directory you wish to store the zone file containing the list of ip addresses for the country; and XX is the two character country zone code.
You can then read the ip addresses into an ipset using the strategy described at: hueyise.com/index.php/linux-dynamic-ip-address-blocking… however, this strategy applies specifically to dynamically blocking malicious ip addresses (e.g., hackers) that are discovered during operations and blocking them immediately.
I successfully implement a tailored version of this strategy to automatically download ip addresses for certain countries once per day, and then read the ip addresses into an ipset defined for blocking inbound/outbound accesses by these countries.
Indians and Nigerians are the worst offenders. Blocking India out helped greatly, I was getting tired of spam, abuse, harassment.
awesome article….
cloudflare.com is also good but you’ll need to set custom page rules
I have enormous problems with Indian’s stealing content and basically raping my website and republishing it on theirs without permission.
Around 20% of my traffic came from India so when i blocked the entire country i thought i would lose 20% of my traffic.
Actually, my traffic has increased by over 30% after blocking India because i am preventing Indians from stealing my work and ideas.
On top of this, your site will not get as many low quality links from low authority spam sites in India.
You migh add myipblocker.com to your list. It’s awesome and free!
No need for .htaccess there. Once configured it handles all ip/country checking and redirects to a custom url when access is not granted. it works pretty well.
Hi, I just got pingback from you to my blog, nice :)
If you need wan’t to block access to website from specific country, it is better option to use mod_geoip for webserver, if it is possible. It is included in most distributions. Once installed you just put into .htaccess
GeoIPEnable On
GeoIPDBFile /path/to/GeoIP.dat
SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE CA AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE MX AllowCountry
# … place more countries here
Deny from all
Allow from env=AllowCountry
Check dev.maxmind.com/geoip/legacy/mod_geoip2/ for more documentation.
Hello Ray. Very interesting information. I’ve been looking for this since for a long time.
Thanks for another fantastic post hats off man, and please remember that there are many fans of ur fans esp from india :P
Thanks so much, Ray!
thanks for the information.
Good one Ray..