mod_geoip - blocking countries

CiscoMike

CiscoMike

Verified User
Joined
Dec 2, 2005
Messages
62
Location
Denver, CO
http://www.maxmind.com/app/mod_geoip

any experience getting this to work with DA? looks straight forward but I wanted to be sure. Why do this? Because the only people that need access to my server are from the US and Canada. Sorry, that's just the way it is. My other option is to make an insanely long list in IPTables which will work but is really overkill although geoip only covers apache and not SMTP. Anyways...

http://www.iana.org/assignments/ipv4-address-space would work to ban /8s base on registry (ban anything not ARIN or IANA). What are your thoughts?
 
And when those people in the US and/or Canada travel somewhere else?

I just want to make sure you understand all the ramifications.

Jeff
 
I'm not selling anything. The people I deal with don't need access outside of the US or Canada. Maybe I'd allow the UK and Aussies but that's it.

I took another approach and while not as clean, it serves my purposes. I just banned every /8 that was directly controlled by RIPE, APNIC and LATAM-ARIN. Problem mostly solved. Unfortunately some /8s are shared between ARIN and the others so now I have to go in and clean out some /9s and /10s to finally ban China, Korea, Sengal, Brazil and a few others. And yes, I have that list.

Sounds elitist, it's not. Yes, the US is full of script kiddies and hackers but when you have 300 million versus the 2 billion+ from asia, you go after the greater evil. The easy solution is to block them completely. Yes, using a proxy gets around that and yes, dedicated attackers will use other methods to get at me if they wanted to but those type of attackers require different methods anyways.
 
I've mod_geoip (free) working with apache 2.0.55.
It is great to block another countries, redirect users from each country to each different site :)
 
You must log in or register to reply here.
Back
Top