I have a local Web site that I would like to tighten access to only those within the United States; or perhaps only within Florida. It's a Word Press site that has gotten hacked due to some weak code. I've seen two sources of IP address lists for .htaccess "allow deny" control by IP Address.
IP by Country/Continents:
http://www.countryipblocks.net/continents/
Wizcrafts List:
http://www.wizcrafts.net/htaccess-blocklists.html
What is the best approach for blocking everything except United States traffic? How would you approach the deny/allow? Would you deny other Countries or try to allow only the U.S.?
Thanks for any comments, Jeff
Add this list to the .htaccess located on the root folder of your server.
It will only allow connections from the US.
ex .htaccess file:
allow from IP
203.31.234.0/24
129.230.176.0/20
etc...
you can use deny from All in order to forbid access to your site!
In countryipblocks you can download all IPs from the area you want and add allow from IP to your .htaccess file! so only those IPs can access to your site!
Edit: Remember you can add IP range instead of one IP!
I downloaded .htacees from that site, and that was ok!
Related
This seems like it should be a trivial task but isn't proving to be one for me...
How should I go about pointing multiple domain names to the same GitHub Pages hosted site?
Example:
I have created an account named test on GitHub and created a repository test.github.io
I bought test.com
I configured test.com's DNS as below
I have told GitHub Pages to enforce https and look out for custom domain test.com
My site is now live on test.com and www.test.com, woohoo!
DNS Config for test.com:
A # 185.199.108.153 (github's nameserver)
A # 185.199.109.153 (github's nameserver)
A # 185.199.110.153 (github's nameserver)
A # 185.199.111.153 (github's nameserver)
CNAME # www.test.github.io (for www redirect)
I would ALSO like example.com (and a few other domains, foo.com, bar.com and foobar.com) to redirect to test.com
How do I do this?
With an apache server, this would be easy, be GitHub Pages only supports static sites.
Any ideas?
As always, thanks for any suggestions!
The ideal place to have this redirect is your DNS provider. You can redirect foo.com, bar.com, etc. or whatever you want to test.com. Alternatively, if you happen to use Cloud Flare, forwarding can easily be setup from there too.
But if you don't want to do that and insist on using Github only, refer to this answer. What you can do in this case is create another repository (other than test.github.io) with same contents and link it to another domain such as foo.com. You can use Github Actions or something to sync your changes from main repo to the others.
Of course, the only drawback of this method is that for every domain you want to link, you'll have to create an additional github repo.
I've accepted #Prahlad Yeri's answer from above, and am just leaving this here so that other's who stumble onto this question can easily figure out how to do this... As mentioned "The ideal place to have this redirect is your DNS provider"
To do this with domains purchased from domain dot com it is VERY simple, and even INSTANTANEOUS! I can imagine with GoDaddy or other providers it will be similar.
On Domain dot com's control panel:
Log into account for the domain you wish to redirect
Go to "Pointers and Subdomains" on the left sidebar
Choose either "URL Standard" or "URL Stealth" from the pointer options, then enter the desired redirect URL in the "Directory" field
Press Save and you're good to go, immediately!
URL Stealth means that your URL will remain as what the user has typed in, and URL standard means it will display the URL of the site that you've directed to. More documentation on pointers and subdomains (for domain dot com) can be found at domain.com/help/article/domain-management-how-to-update-domain-pointers
I am familiar with denying access based on an IP, block of IPs, browser, URL etc... but my problem here is, let me state, how to deny access if it came from some IP address, at least 3 times a second for long period of time. Here, you don't know the IP address unless you look at the access file. By the time you found out the IP address it's already drawn too much of the bandwidth.
You can't use htaccess for doing this. The out-of-box apache directives can't handle browsing sessions. You'll need to install some sort of log parser, maybe something like fail2ban? Or you can probably cook up a set of iptables rules for blocking lots of connections from one IP: https://askubuntu.com/questions/437059/linux-command-to-prevent-dos-attack-by-using-netstat-and-iptables
I know it is easy to block an individual IP address or a whole country from viewing my website via htaccess, however I need to block a city in the UK only and have the visitors from the blocked city redirected to another external URL.
Here is some code I already have for my htaccess file, but I have been searching everywhere on how to block just a UK city or region. Where would I find the range of IPs for a specific UK city? or is there a better way of doing this?
# BAN USER BY IP
<Limit GET POST>
order allow,deny
allow from all
deny from (an individual IP address or range)
</Limit>
ErrorDocument 403 http://www.google.com
you have to use IptoLocation Script(http://www.ip2location.com/) and then you can check the city or region after that Blocking a City or Region from website.
There are several ways to do this. First you can use any geoIP API to query the location of the visitor. Just google geoIP API to see what's available. There are online solutions and downloadable databases as well.
You can also "wire in" the banned IP address blocks into your webapp. You can query block information at http://location2ipaddress.com/ for example. If you want to use the .htaccess file to do this, then all you need is the ip range data - put this into the deny list and you're done.
Whatever you do, blocking is a delicate topic.
It is easy to go around the block by using proxy servers.
Blocking whole ranges is risky, you are preventing innocent users from accessing your website. There is no harmless, 100% safe way to do this.
I want to block traffic coming from IP-addresses far outside of my region in germany, so people from cities more than 300 km away cannot access it(barring they use a proxy).
How do I find the IP-Addresses to include/exclude?
You cannot restrict dynamically via htaccess.
(In your site homepage if your website is built in PHP)
You can use
$_SERVER['REMOTE_ADDR'] or $_SERVER['REMOTE_HOST'] variables.
to find out the IP of the client visiting your website and then if its beyond your particular radius, you redirect them.
To find out the distance between two IP address, please see Get the geographic distance between 2 IP addresses?
To allow only a particular IP, you can use htaccess as follows :
order allow,deny
allow from 255.0.0.0
deny from all
Hope this helps.
forgive the trivial question but I don't understand how to use ip addresses properly to deny access to my site. Let's say i have got the web site www.mywebsite.com. Suppose I have the following 3 ip addresses from my office machine:
ipv4: 192.1.2.3
default gateway: 192.1.2.345
and the global ip for my network: 456.34.56.78 (retrieved using www.globalip.com)
Now I would like to grant access to any user in my network hence i would have thought that the right number to use is the global ip 456.34.56.78 common to all machine in my office:
I am using the following code:
# redirect all visitors to alternate site but retain full access for you
ErrorDocument 403 http://www.bbc.com
Order deny,allow
Deny from all
Allow from 456.34.56.78
but it is not working. It is redirecting all machine in my network as well as external ones.
What I am doing wrong? Thank you for your help