Block IP Addresses by Country

One of the worst things about being a webmaster is the constant battle we wage against spammers and scrapers. A majority of these creeps have IP addresses which originate from outside the United States in countries like China, Russia, Latvia and Nigeria.

After years of being a webmaster, I have found that a majority of these countries send only bots and other nefarious users to my sites. So I use htaccess IP banning to handle these net-scumbags most of the time.

IP banning in a htaccess file looks like this:

order allow,deny
deny from
allow from all

There are many services online that will give you IP CIDR block listings by country such as IPDeny, Block a Country and Country IP Blocks. The last two will actually generate the htaccess deny statements for you, which is a huge time saver.

If you ever find the need to block country IP’s, be sure to check out the sites above.

3 thoughts on “Block IP Addresses by Country”

  1. I disagree with Dawn Young, merely on the fact that IP2Location will only give 1 country per listing anonymously, and 30 per country if you register with them. As I hate registering for a site just to use something one time, I find the others much more user friendly, even if they aren’t up to date. Likewise another solution would be to make a php script that checked the country of the IP address visiting, and banned accordingly. It could even create a log of IP ranges for you to put into htaccess.

  2. You can do that also with mod_security to really block by country. Typical rule:

    SecRule REQUEST_URI “.*” “chain,drop,logdata:’Country is: %{geo.country_code} (%{})'”
    SecRule REMOTE_ADDR “@geoLookup” “chain”

    The first two country codes are special: anonymous proxies, etc.

Leave a Reply

Your email address will not be published. Required fields are marked *