I am getting a lot of spam visitors (most probably faked) to my websites from a certain country (Ukraine) and I want to block this country because they are wasting my bandwidth for nothing. Is this an easy task with htaccess or something like that? Awstats can list visitors based on their country, that makes me think that it is possible to identify a visitor’s country and then blocking it should be easy.
I wish we didn’t have such webmasters in the world but unfortunately we have and I fear that we will always have.
ip2country.com has an api which you can use which determines the country a visitor is from. Whether you use it to allow or deny a visitor access to your website is your business (and your coding).
Hi David, thanks for the suggestion. That website seems to be selling databases for a yearly price. I might consider them if my websites get bigger and bring in more money. But at this time, I am looking for a free solution if possible.
I know that IP address of visitors can be identified by PHP, can’t we do the same for country codes? Or does it always have to be checked from a pre-defined database?
Sorry, there ARE IP to country websites which offer their services for free … and even provide the PHP code for you to use. After a search, I’ve (re)discovered http://phpweby.com/software/ip2country.
If you’ve ever looked at the IP blocks by country and how they’re presented (the quad blocks are multiplied out to give a numerical entry, e.g., your localhost is 127.0.0.1 which will be accessed as 127256256256+0256256+0256+1 or 2130706433), you know that you want to keep away from that! When the databases need updating frequently, you KNOW that’s something to leave to others, too!
http://www.ipinfodb.com/ offers an API with coding examples in two steps, a free version and a more accurate detailed version. If all you need is the country identification, the free version will do it for you.
Sorry it took so long for me to find it - it was hidden in plain sight!
David, thank you very much for your continued help and contribution. That will surely help.
About this country identification based on IP blocks, I think it would have been a lot easier and faster for us if the countries had IP blocks within a certain range and not hundreds of different ranges. I think whoever allocated those IP addresses years ago, didn’t do a great job.
So, let’s say I want to allow traffic only from the US. I created a sample htaccess file from ipinfodb.com and it is 43000+ lines. Would that dramatically affect my website loading speed? Will it cause high load on the server? I wish there was a simpler method for identifying visitor’s country. Maybe in some near future someone discovers a way to do that without checking thousands of IP blocks.
ip2nation also requires that you download and maintain a massive database - NOT a desirable option!
nayen,
OMG! Yes, yes and there is! Simply use a PHP script as an autoprepend to obtain the two letter country code (from the API provided) and allow/reject based on that! The script which ipinfodb offers connects to their server to use their database (which they maintain)
Of course, visitors using a proxy server can get around that but you should be able to use the Apache variable shown here:
That could (untested) be used like:
...
# Since the HTTP_PROXY_CONNECTION is either null (false) or contains the HTTP_PROXY_CONNECTION value (true)
RewriteCond %{HTTP_PROXY_CONNECTION} false
RewriteRule .? - [F]
Of course, a truly anonymous proxy server should be able to hide this information.
Alternatively, I don’t know whether anonymous proxy servers can use the HTTPS protocol (I would be surprised if they could not) but that may be another option.
I’ve been expanding my online tutorial into a complete book. Here is the code I have to:
Okay, that’s nearly identical to what I’d just provided so you should be able to use either (I think I prefer the false over ‘not empty’ but I’ll allow you to test on your server).