Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 5 of 5
  1. #1
    Regular Coder
    Join Date
    Sep 2009
    Posts
    167
    Thanks
    15
    Thanked 1 Time in 1 Post

    how to block Russia and China with .htaccess?

    Hello,

    I wish to block *all* web traffic (human or robots) from Russia and China. I found this on the internet, but I'm not sure if it is the right script to drop into the .htaccess file:

    RewriteEngine On
    RewriteCond %{HTTP_REFERER} \.ru [NC,OR]
    RewriteCond %{HTTP_REFERER} \.cn [NC]
    RewriteRule .* - [F]


    I'm looking for a "block everything" approach, not a list of 100 selected IP addresses that are known to be bad. I could list all of those dotted-decimal address that people talk about, but that's very sprawling and changing. I want something static and simple: if you're from Russia or China - you get blocked. That's why the .ru, .cn script above looks interesting. It seems to say "if you're from .cn or .ru, you get blocked".

    However, I read somewhere that the IP address (dotted decimals) blocks are better, because there could be a China internet address that has elected to not use the .cn top-level domain, and thus will not be blocked by the .cn block. I'd be happy to use *both* if needed: block all .cn and all of the listed bad IP address blocks.

    I would also be willing to use a "block all trans-Atlantic traffic" approach, if that makes the script more hardened and secure. Meaning, if the signal needs to cross the ocean to reach the USA (probably through an underwater cable), it's blocked automatically.

    People and robots outside the US and Canada are irrelevant to my web activity. Any signals originating from outside these regions are either noise or nefarious. It's nothing personal; I simply know this web activity is unnecessary at best. So I want to block them, especially Russia and China. And I'll take Nigeria while we're at it too.

    So if anybody could post a definitive, succinct script to drop into the .htaccess file on the Apache server, that would be great.

    Also, if someone knows an excellent Apache textbook that takes you step-by-step through the important web server/security topics, that would be great too.
    Last edited by code beginner; 04-11-2010 at 08:14 PM.

  • #2
    Supreme Master coder! abduraooft's Avatar
    Join Date
    Mar 2007
    Location
    N/A
    Posts
    14,855
    Thanks
    160
    Thanked 2,223 Times in 2,210 Posts
    Blog Entries
    1
    Also, if someone knows an excellent Apache textbook that takes you step-by-step through the important web server/security topics, that would be great too.
    People can easily spoof IP and "user agents". So, blocking a set of IPs to improve security doesn't make much sense. The only effective way is to find out vulnerabilities in your code and fix it, along with using a strong password for ftp/db/user accounts.

    With that said, I use a simple straight forward mechanism to block all bots which do not follow the robots.txt file. See an example at http://www.kloth.net/internet/bottrap.php
    The Dream is not what you see in sleep; Dream is the thing which doesn't let you sleep. --(Dr. APJ. Abdul Kalam)

  • #3
    New to the CF scene
    Join Date
    Apr 2010
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by abduraooft View Post
    People can easily spoof IP and "user agents". So, blocking a set of IPs to improve security doesn't make much sense. The only effective way is to find out vulnerabilities in your code and fix it, along with using a strong password for ftp/db/user accounts.

    With that said, I use a simple straight forward mechanism to block all bots which do not follow the robots.txt file. See an example at http://www.kloth.net/internet/bottrap.php
    WOW, that's cool for blocking all those bots and scrapers and so on.
    thanks

  • #4
    Regular Coder
    Join Date
    Sep 2009
    Posts
    167
    Thanks
    15
    Thanked 1 Time in 1 Post
    Thanks,

    It looks like a multi-aspect approach is best.

    So if there are any other ideas, please post!

  • #5
    New to the CF scene
    Join Date
    Mar 2010
    Location
    www.techmafia.org
    Posts
    8
    Thanks
    1
    Thanked 0 Times in 0 Posts
    You may ban from Ips if u want to ban specific IPs from a Chinese /Russian region?


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •