A site for both the WebMaster and the WebUser
IPCountryBlock Package
for dedicated servers
NOTE: If your web site is running on a shared server, go to the
HTCountryBlock page instead. The package available on this
page won't work for you.
This package makes use of the iptables firewall feature in the Linux kernel for blocking
the countries that you do not want accessing your system. A utility is provided that let's
you pick and choose the countries and it will also build a file containing all the iptables
rulesets for you. Then with a simple command, your machine is configured to block the countries.
Now, if you have the system to run this on, it's free. You just download it and put it on
your system. There is a package of files needed from me and one from another source, but that's
free as well. Again, I've only run this on Linux with the Apache server and iptables installed
in the kernel. Another requirement is the kernel mod for iptables known as "iprange".
I tried and tried to get this to work and gave up. I finally came to the conclusion that I had
to upgrade my kernel from the previous 2.4.x to the 2.6.x version to get the iprange module to
work. You might have to as well. My documentation will show you how to check to see if iprange
is working on your Linux system.
The advantage to the iprange functionality is that it allows you to use something like
218.0.0.0-218.31.255.255 instead of 218.0.0.0/11. The x.x.x.x/x function works for this
particular range, but there are many, many ranges of IP addresses used by some countries
where you can't do this. You will cut into a range that you do not want to block. It's
well worth the time and trouble involved in getting the iprange module to work with iptables
because of this.
Even without the iptables functionality, you might enjoy just using the iptocountry.php
program and manually blocking particular ranges one at a time as you feel necessary.
July 18, 2011 changes: Added support for both the older
kernels and the newer kernels. Added a menu program. Only one bookmark needed. Also added
HTML documentation. A lot of code cleanup.
December 17, 2006 changes: Removed the links to the outside
world from the utility programs. This way, the directory you have these located in won't
show up in any log files as the referrer. The log files would be on this site here, but
still it's a security measure for you. Also improved countryiptsetup.php on how it lays
out the database files. It helped iptocountry.php provide a better display.
Here's all the files packed into one tar.gz archive.
updated July 18, 2011
countryblock.tar.gz - This contains all the files
and the documentation.
countryblock.zip - Contains the same files, but in .zip format.
If you'd like, you can also read the documentation here online
before downloading.
Don't go away... you need one more file. This will contain all of the IP address and
country information. Download the "geoip" file from
www.maxmind.com. Look for the free
download called "GeoLite Country". Get the .csv version and not the binary
version. You can also use their "paid for" version if you choose to do so.
The file you will download is named "GeoIPCountryCSV.zip" and after you unzip
it, you will have a file named "GeoIPCountryWhois.csv", and that is the file
that is needed which contains all the country and IP data.
You can put these files wherever you want. You can use an existing directory if you'd
like, but I prefer a separate one. The only requirement is that all the files be in the
same directory and that your web server has access to the directory. Your web server
must also have write permissions set for this directory. Plus, after copying the files
to the directory, make sure the three .php files have the correct permissions set. It's
covered in the documentation. Be sure to read the documentation before loading any of
these files into a web browser. You must run the setup utility first as it will create
the database files from the .csv database file. Nothing will work until you do this.
The files created will all end up in the same directory. The files you download from
here are very small, only about 20K or so, but the .csv database file is about 3 MB - 6MB
(depending on which one you select) and the database files that will get created will
take up another 3 MB - 6MB, approximately.
Go ahead and have fun locking your doors. Unfortunately, this world of ours requires it.
|
