Website access control

Guide for intermediate users

If your website is flooded with spam comments, is often targeted by automated robots, has been attacked or exploited, or you simply want to increase its security by blocking access from a specific country, follow this guide.


  • check the level of security with VirusScanner
  • block access to the website from the country the attacking IP addresses come from
  • block the specific IP addresses the attacks come from

Block access based on country

It is important to analyze where the attacks on the website come from. This can be done with the external tool Google Analytics, or offline with our recommended tool Apache viewer. In this step you need to determine the GeoIP country code (according to the ISO 3166 standard). A country list will help you classify the countries. Once you know the country code, you can block access from a specific country with access directives in the .htaccess file; each country is added with a single line.

<IfModule mod_geoip.c>
GeoIPEnable On
</IfModule>

SetEnvIf GEOIP_COUNTRY_CODE UA dny
SetEnvIf GEOIP_COUNTRY_CODE RU dny
SetEnvIf GEOIP_COUNTRY_CODE CN dny
Deny from env=dny

This code blocks access from Ukraine, Russia and China. You can repeat this process for multiple countries, or invert (“turn around”) the directive.

If we wanted to allow access only from Slovakia:

<IfModule mod_geoip.c>
GeoIPEnable On 
</IfModule>

SetEnvIf GEOIP_COUNTRY_CODE SK alw
Deny from all
Allow from env=alw

You can also allow access only from selected countries. The code below allows access only from the Czech Republic, Slovakia, Poland and Hungary.

<IfModule mod_geoip.c>
        GeoIPEnable On
</IfModule>
<IfModule mod_authz_core.c>
        Require expr "%{ENV:GEOIP_COUNTRY_CODE} in { 'SK', 'PL', 'CZ', 'HU' }"
</IfModule>

You can use several free tools (mostly in English) that allow you to generate code to use in .htaccess. We would recommend countryipblocks.net.


Block access from a specific IP address

In some cases it may be necessary to block access only from a specific address, or to allow a specific IP address for security or testing purposes. Access can be controlled with the Order, Allow and Deny directives in .htaccess. The “Allow” directive grants access, while the “Deny” directive blocks access to the website.

For example, if you want to block access from IP 93.23.11.7, add the following line to .htaccess:

Deny from 93.23.11.7

These directives are processed in three steps determined by the Order directive.

Unlike a typical firewall, the last rule always applies, and the directives are processed in groups: first Allow and then Deny, or vice versa. The “Order” directive specifies the sequence:

Order Deny,Allow

First the Deny directives are processed, and only then the Allow directives. Any IP address in the “Deny” group will be blocked even if it is also in the “Allow” group. If an IP address is not listed in Allow or Deny, it is always allowed.

Order Allow,Deny

First the “Allow” group is processed, and only then the “Deny” group. If an IP address is listed in the “Deny” group, it will be blocked even if it is listed in “Allow”. Any IP address that is not on either list will be automatically blocked.

The following lines allow access only from IP 37.13.22.16 and block access from all other IPs.

Order Deny,Allow
Deny from all
Allow from 37.13.22.16
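
To check a rule set before it goes live, the example below models the Order decision in Python as Apache's mod_access_compat documentation describes it: the group processed last has the final word, and the default for clients matching neither group depends on Order. It is an added example, not part of the original article; the function names are hypothetical and 198.51.100.4 is a constructed sample address.

```python
import ipaddress

def _matches(client, specs):
    """Return True if client matches any 'Allow from' / 'Deny from' argument."""
    addr = ipaddress.ip_address(client)
    for spec in specs:
        if spec.lower() == "all":
            return True
        # A single address or a CIDR network such as 10.1.0.0/16.
        if addr in ipaddress.ip_network(spec, strict=False):
            return True
    return False

def access_allowed(order, allow, deny, client):
    """Model the Order / Allow / Deny decision for one client address.

    Only 'all', single addresses and CIDR networks are modelled here;
    hostnames, partial addresses and env= arguments are left out.
    """
    allowed = _matches(client, allow)
    denied = _matches(client, deny)
    key = order.lower()
    if key == "deny,allow":
        # Deny group first, Allow group last: an Allow match has the final
        # word, and a client matching neither group is let through.
        return allowed or not denied
    if key == "allow,deny":
        # Allow group first, Deny group last: a Deny match has the final
        # word, and a client matching neither group is blocked.
        return allowed and not denied
    raise ValueError("unsupported Order value: %r" % order)

if __name__ == "__main__":
    # The article's last rule set, then the same two rules with Order swapped.
    for order in ("Deny,Allow", "Allow,Deny"):
        for ip in ("37.13.22.16", "198.51.100.4"):
            ok = access_allowed(order, ["37.13.22.16"], ["all"], ip)
            print(order, ip, "allowed" if ok else "blocked")
```

With Order Allow,Deny the same two rules block every client, including 37.13.22.16, because “Deny from all” is then processed last.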

Updated on September 18, 2024
