If you want to block certain countries from accessing your web site, there are many workarounds. The most popular and worst method is blocking by IP ranges. But this isn’t a effective solution because of the IP range allocations changes day by day and its almost impossible to find IP range data base of a big country for example like China. And even if you did that, it will slow down your server drastically because even the ranges are too high and iptables software on your server will have to crosscheck every users IP addresses from the blocked range database resulting in slow response times and increased server load.
Config Server Firewall ( CSF ) firewall is a most feature rich software firewall available for linux and it integrates with WHM ( Web Host Manager Cpanel) very easily, enabling loads of configurable options at your disposal. Installing this is very easy when compared to options it has and this provides GUI to control the options on WHM
In my case I wanted to block China from accessing a web site because we were receiving fairly large amount of SPAM registrations from Chinese IPs and our web site had no use for Chinese users as well. So in this guide I’ll explain how I blocked China ( same method goes for other countries/multiple countries as well ) from accessing our web site.
- Cpanel WHM access is required. So you will have to be administrator of your server to have access to this
- CSF firewall uses Maxmind geoIP data base to find the IP ranges to block, that’s the most well maintained database of IP ranges on internet. You can trust this because there is no other service available better than this.
- Adding multiple countries will slow down your server if you don’t have enough resources and if your site is really busy
Install CSF Firewall
Installing CSF firewall is extremely easy, just run these commands one by one on your SSH console
tar -xzf csf.tgz
And that’s it. Installation is done, Now restart your server. Or just restart all the services from WHM.
To open the csf firewall control panel, log in to WHM and on the left side bar you will see “ConfigServer security & Firewall ” at the bottom and click on that.
After that you will be presented a control panel of CSF like this
To block countries, we need to edit the Firewall configuration and to do that click the “Firewall Configuration” button on that control panel.
Add Country/Countries to block list
After you click that “Firewall Configuration” button you will be taken to a place which will show many options in text format and we need to find the ” SECTION:Country Code Lists and Settings” on that page. Its there after you scroll for about 30% of the page.
Or just click Edit – > Find on your web browser and search for “Country” term and you will be able to easily find that section.
On that you can see a box saying ” CC_DENY = ” like shown on the screencap above.
So to add countries to block list, you just need to add the 2 letter code of the countries to that box. In my Example I have added “CN” for China. So if you need to add multiple countries like USA , Germany and China just enter “CN,US,GB” on that box.
After adding scroll to the bottom of the page and click “change” button to save the changes. And restart the services using WHM.
Last 5 posts by Ruchira
- How to setup SSH key based access on Google Compute Engine - May 23rd, 2013
- Google Compute Engine benchmarks - May 23rd, 2013
- OpenVPN Auto installer - May 23rd, 2013
- Change your DSL modems default logins now or get hacked - May 22nd, 2013
- Just another Paypal phishing attempt - May 21st, 2013