...

View Full Version : how to block Russia and China with .htaccess?



code beginner
04-11-2010, 08:42 PM
Hello,

I wish to block *all* web traffic (human or robots) from Russia and China. I found this on the internet, but I'm not sure if it is the right script to drop into the .htaccess file:

RewriteEngine On
RewriteCond %{HTTP_REFERER} \.ru [NC,OR]
RewriteCond %{HTTP_REFERER} \.cn [NC]
RewriteRule .* - [F]


I'm looking for a "block everything" approach, not a list of 100 selected IP addresses that are known to be bad. I could list all of those dotted-decimal address that people talk about, but that's very sprawling and changing. I want something static and simple: if you're from Russia or China - you get blocked. That's why the .ru, .cn script above looks interesting. It seems to say "if you're from .cn or .ru, you get blocked".

However, I read somewhere that the IP address (dotted decimals) blocks are better, because there could be a China internet address that has elected to not use the .cn top-level domain, and thus will not be blocked by the .cn block. I'd be happy to use *both* if needed: block all .cn and all of the listed bad IP address blocks.

I would also be willing to use a "block all trans-Atlantic traffic" approach, if that makes the script more hardened and secure. Meaning, if the signal needs to cross the ocean to reach the USA (probably through an underwater cable), it's blocked automatically.

People and robots outside the US and Canada are irrelevant to my web activity. Any signals originating from outside these regions are either noise or nefarious. It's nothing personal; I simply know this web activity is unnecessary at best. So I want to block them, especially Russia and China. And I'll take Nigeria while we're at it too.

So if anybody could post a definitive, succinct script to drop into the .htaccess file on the Apache server, that would be great.

Also, if someone knows an excellent Apache textbook that takes you step-by-step through the important web server/security topics, that would be great too.

abduraooft
04-12-2010, 10:08 AM
Also, if someone knows an excellent Apache textbook that takes you step-by-step through the important web server/security topics, that would be great too.
People can easily spoof IP and "user agents". So, blocking a set of IPs to improve security doesn't make much sense. The only effective way is to find out vulnerabilities in your code and fix it, along with using a strong password for ftp/db/user accounts.

With that said, I use a simple straight forward mechanism to block all bots which do not follow the robots.txt file. See an example at http://www.kloth.net/internet/bottrap.php

forextrader07
04-13-2010, 02:44 AM
People can easily spoof IP and "user agents". So, blocking a set of IPs to improve security doesn't make much sense. The only effective way is to find out vulnerabilities in your code and fix it, along with using a strong password for ftp/db/user accounts.

With that said, I use a simple straight forward mechanism to block all bots which do not follow the robots.txt file. See an example at http://www.kloth.net/internet/bottrap.php

WOW, that's cool for blocking all those bots and scrapers and so on.
thanks

code beginner
04-13-2010, 07:00 PM
Thanks,

It looks like a multi-aspect approach is best.

So if there are any other ideas, please post!

Techmafia.org
04-14-2010, 05:31 PM
You may ban from Ips if u want to ban specific IPs from a Chinese /Russian region?



EZ Archive Ads Plugin for vBulletin Copyright 2006 Computer Help Forum