|
|
||||||
|
||||||
| Index Link To US Private Messages Archive FAQ RSS | ||||||
| IT Discussion Forum Having IT issues? Got IT questions? Who doesn't? If you can't get your Apache to work with your MySQL or your php is choking on your ODBC... Let's see if we can help you come up with some ideas. |
Share Thread: & Tags
|
||||
|
![]() |
|
|
LinkBack | Thread Tools | Display Modes |
|
|||
|
Quote:
The database contains information on 4.3 billion IP addresses and is completely refreshed each day with the latest RIR information. Country IP Blocks: Network Allocations by Country with Searchable IP Database
__________________
I use Country IP Blocks as added security for my networks and servers. |
|
||||
|
Interesting. What is your experience with it?
|
|
||||
|
"The future is here. It's just not evenly distributed.
Hm. IMO it is too early to know the future. |
|
||||
|
This is a quick and dirty example of pf blocking a specific ip range using pf on FreeBSD This was for the ftp port
same line except of course port 80 block in on $ext_if proto tcp from 118.107.162.0/24 to port 21 TAKEN from this setup set block-policy return ext_if=bge0 int_if=bge1 udp_services = "{ domain, ntp }" icmp_types = "echoreq" scrub in all block in on $ext_if set skip on lo pass inet proto icmp all icmp-type $icmp_types keep state pass quick inet proto { tcp, udp } to any port $udp_services pass in on $int_if proto tcp from any to $int_if port 53 pass in on $int_if proto udp from any to $int_if port 53 pass in on $int_if proto tcp from any to $int_if port 80 pass in on $int_if proto udp from any to $int_if port 80 pass in on $int_if proto tcp from any to $int_if port 22 pass in on $int_if proto tcp from any to any port 21 keep state pass in on $int_if proto tcp from any to any port > 30000 keep state pass out on $int_if proto { tcp, udp } all pass in on $ext_if proto tcp from any to $ext_if port 53 pass in on $ext_if proto udp from any to $ext_if port 53 pass in on $ext_if proto tcp from any to $ext_if port 80 pass in on $ext_if proto udp from any to $ext_if port 80 pass in on $ext_if proto tcp from any to any port 21 keep state pass in on $ext_if proto tcp from any to any port > 30000 keep state pass out on $ext_if proto { tcp, udp } all block in on $ext_if proto tcp from 118.107.162.0/24 to port 21 antispoof for $ext_if antispoof for $int_if
__________________
"The future is here. It's just not evenly distributed. |
|
||||
|
Disallow all and then allow US's IP's.
More info here from a Norwegian Ip: Network and System Administration I 10 |
|
|||
|
Of course a good system admin would locate offenders if they were on top of things. I merely wanted to point out that it isn't fail-safe by itself. I know you know that, for others.
It's definitely a cat and mouse game. Of course, the same applies not only to web services, but, email and other services. That's why the firewall is a better choice than simply adding to .htaccess |
|
||||
|
Yes, and there are foreigners signing up on Norwegian Ip's. That must be a much bigger problem to the USA, but there may be some hosters to avoid
|
|
|||
|
Quote:
__________________
Click on this link NOW to start making money online: http://www.mynetmarketingland.com/FREE-Report/ |
|
||||
|
There is a caveat when you use the Apache's directives in a .htaccess file to allow only the US IP address. The directives run to a few thousand lines. Your HTTP server has to process this for every visitor and that can slow down your server. The best place to block unwanted elements is at the firewall.
For dynamic sites, extra load involved in processing long .htaccess files can sometimes result in transient overload. |
|
||||
|
Quote:
I believe what they were asking, as what the others apparently also believe, is regarding blocking bad bots and suspect IP ranges from getting access to their website. What you're talking about is personal computer IP address cloaking.
__________________
God Bless, -Clint (Join Date: 2003) |
|
||||
|
Quote:
I'm no expert on Apache nor htaccess, but adding a new entry is only: deny from x Where "x" is the IP address, or partial address. Are you saying that creating one of those adds thousands of other lines elsewhere? The block only applies to PC with the tagged IP.
__________________
God Bless, -Clint (Join Date: 2003) |
|
||||
|
Quote:
For allowing only IP addresses coming from the US, you will have to factor in this: # Country: UNITED STATES # ISO Code: US # Total Networks: 36,549 # Total Subnets: 1,460,108,286 The listing of all these network segments will run into a few thousand lines. |
|
||||
|
Quote:
__________________
God Bless, -Clint (Join Date: 2003) |
|
||||
|
I believe there are a lot of scripts out there, I know some use the .htaccess thing in their index and directories.
But sometimes it depends on what's supported in your web hosting. And I think I have that feature easily handed. Visit my free professional web hosting service below. |
![]() |
|
| Thread Tools | |
| Display Modes | |
|
|
Similar Threads
|
||||
| Thread | Thread Starter | Forum | Replies | Last Post |
| IP Blocking | whatever | Webmaster Resources Discussion Forum | 3 | 06-04-2008 07:07 PM |
| Would I be blocking Google? | business-directory | Google Discussion Forum | 7 | 03-01-2008 09:08 AM |
| Blocking IP's | MrLeN | Web Programming Discussion Forum | 3 | 01-25-2006 06:27 AM |
| Am I somehow blocking spiders? | malcolm | Search Engine Optimization Forum | 1 | 05-23-2004 06:36 AM |
| Pop up blocking | Greyhawk | The Castle Breakroom (General: Any Topic) | 7 | 01-29-2004 09:43 AM |
|
WebProWorld |
Advertise |
Contact Us |
About |
Forum Rules |
MVP's |
Archive |
Newsletter Archive |
Top |
WebProNews
WebProWorld is an iEntry, Inc. ® site - © 2009 All Rights Reserved Privacy Policy and Legal iEntry, Inc. 2549 Richmond Rd. Lexington KY, 40509 |