I want to block traffic coming from IP-addresses far outside of my region in germany, so people from cities more than 300 km away cannot access it(barring they use a proxy).
How do I find the IP-Addresses to include/exclude?
You cannot restrict dynamically via htaccess.
(In your site homepage if your website is built in PHP)
You can use
$_SERVER['REMOTE_ADDR'] or $_SERVER['REMOTE_HOST'] variables.
to find out the IP of the client visiting your website and then if its beyond your particular radius, you redirect them.
To find out the distance between two IP address, please see Get the geographic distance between 2 IP addresses?
To allow only a particular IP, you can use htaccess as follows :
order allow,deny
allow from 255.0.0.0
deny from all
Hope this helps.
Related
We are whitelabeling some website software, but in order to use it, our clients must point their domains to the software's nameservers. We'll say ns1.softwareco.com and ns2.softwareco.com.
Since we're whitelabeling, I don't want our clients to see Software Co's name in the name servers.
I could easily mirror Software Co's DNS settings, but if Software Co updates them in the future, my settings would be incorrect.
Is it possible to just point my nameservers ns1.whitelabelco.com and ns2.whitelabelco.com to Software Co's nameservers?
Your best way of achieving this is to follow the lead of other companies.
For example, if you look at how github allows the configuring of custom domain names for their pages product. Which is whitelabelling in effect.
The two options you have are basically, that you have a static IP address that will last for the lifetime of your service. Which would mean you would need to buy that address, complete with a contract to ensure it didn't need to be changed. You could place that address infront of load balancers etc, so it could be directed to multiple servers at the backend (even multiple locations)
The simpler option is to offer a CNAME redirection to your clients.
You tell your clients that you have service.example.com and they should point their servers to that with a CNAME record. so their clients will see www.domain.com but that will be redirected to your site.
The downside of a CNAME record over an IP Address, is that the end user can see that it is a whitelabel product. The problem is that DNS is an open system, and no matter what you do with it the end user will be able to see what you've done and find out that you are hosting that site.
The only way around that is to use an IP Address.
I am familiar with denying access based on an IP, block of IPs, browser, URL etc... but my problem here is, let me state, how to deny access if it came from some IP address, at least 3 times a second for long period of time. Here, you don't know the IP address unless you look at the access file. By the time you found out the IP address it's already drawn too much of the bandwidth.
You can't use htaccess for doing this. The out-of-box apache directives can't handle browsing sessions. You'll need to install some sort of log parser, maybe something like fail2ban? Or you can probably cook up a set of iptables rules for blocking lots of connections from one IP: https://askubuntu.com/questions/437059/linux-command-to-prevent-dos-attack-by-using-netstat-and-iptables
I know it is easy to block an individual IP address or a whole country from viewing my website via htaccess, however I need to block a city in the UK only and have the visitors from the blocked city redirected to another external URL.
Here is some code I already have for my htaccess file, but I have been searching everywhere on how to block just a UK city or region. Where would I find the range of IPs for a specific UK city? or is there a better way of doing this?
# BAN USER BY IP
<Limit GET POST>
order allow,deny
allow from all
deny from (an individual IP address or range)
</Limit>
ErrorDocument 403 http://www.google.com
you have to use IptoLocation Script(http://www.ip2location.com/) and then you can check the city or region after that Blocking a City or Region from website.
There are several ways to do this. First you can use any geoIP API to query the location of the visitor. Just google geoIP API to see what's available. There are online solutions and downloadable databases as well.
You can also "wire in" the banned IP address blocks into your webapp. You can query block information at http://location2ipaddress.com/ for example. If you want to use the .htaccess file to do this, then all you need is the ip range data - put this into the deny list and you're done.
Whatever you do, blocking is a delicate topic.
It is easy to go around the block by using proxy servers.
Blocking whole ranges is risky, you are preventing innocent users from accessing your website. There is no harmless, 100% safe way to do this.
forgive the trivial question but I don't understand how to use ip addresses properly to deny access to my site. Let's say i have got the web site www.mywebsite.com. Suppose I have the following 3 ip addresses from my office machine:
ipv4: 192.1.2.3
default gateway: 192.1.2.345
and the global ip for my network: 456.34.56.78 (retrieved using www.globalip.com)
Now I would like to grant access to any user in my network hence i would have thought that the right number to use is the global ip 456.34.56.78 common to all machine in my office:
I am using the following code:
# redirect all visitors to alternate site but retain full access for you
ErrorDocument 403 http://www.bbc.com
Order deny,allow
Deny from all
Allow from 456.34.56.78
but it is not working. It is redirecting all machine in my network as well as external ones.
What I am doing wrong? Thank you for your help
I have a local Web site that I would like to tighten access to only those within the United States; or perhaps only within Florida. It's a Word Press site that has gotten hacked due to some weak code. I've seen two sources of IP address lists for .htaccess "allow deny" control by IP Address.
IP by Country/Continents:
http://www.countryipblocks.net/continents/
Wizcrafts List:
http://www.wizcrafts.net/htaccess-blocklists.html
What is the best approach for blocking everything except United States traffic? How would you approach the deny/allow? Would you deny other Countries or try to allow only the U.S.?
Thanks for any comments, Jeff
Add this list to the .htaccess located on the root folder of your server.
It will only allow connections from the US.
ex .htaccess file:
allow from IP
203.31.234.0/24
129.230.176.0/20
etc...
you can use deny from All in order to forbid access to your site!
In countryipblocks you can download all IPs from the area you want and add allow from IP to your .htaccess file! so only those IPs can access to your site!
Edit: Remember you can add IP range instead of one IP!
I downloaded .htacees from that site, and that was ok!