How to Block certain countries from accessing your web site on WHM

by Ruchira on July 10, 2012

If you want to block certain countries from accessing your web site, there are many workarounds. The most popular and worst method is blocking by IP ranges. But this isn’t a effective solution because of the IP range allocations changes day by day and its almost impossible to find IP range data base of a big country for example like China.  And even if you did that, it will slow down your server drastically because even the ranges are too high and iptables software on your server will have to crosscheck every users IP addresses from the blocked range database resulting in slow response times and increased server load.

Config Server Firewall ( CSF ) firewall is a most feature rich software firewall available for linux and it integrates with WHM ( Web Host Manager Cpanel) very easily, enabling loads of configurable options at your disposal.  Installing this is very easy when compared to options it has and this provides GUI to control the options on WHM

In my case I wanted to block China from accessing a web site because we were receiving fairly large amount of SPAM registrations from Chinese IPs and our web site had no use for Chinese users as well. So in this guide I’ll explain how I blocked China ( same method goes for other countries/multiple countries as well ) from accessing our web site.

Requirements

  • Cpanel WHM access is required. So you will have to be administrator of your server to have access to this

Features

  • CSF firewall uses Maxmind geoIP data base to find the IP ranges to block, that’s the most well maintained database of IP ranges on internet. You can trust this because there is no other service available better than this.

Constraints

  • Adding multiple countries will slow down your server if you don’t have enough resources and if your site is really busy

Install CSF Firewall

Installing CSF firewall is extremely easy, just run these commands one by one on your SSH console

wget http://www.configserver.com/free/csf.tgz
tar -xzf csf.tgz
cd csf
sh install.sh

 

And that’s it. Installation is done, Now restart your server. Or just restart all the services from WHM.

To open the csf firewall control panel, log in to WHM and on the left side bar you will see “ConfigServer security & Firewall ” at the bottom and click on that.

 

After that you will be presented a control panel of CSF like this

 

 

To block countries, we need to edit the Firewall configuration and to do that click the “Firewall Configuration” button on that control panel.

Add Country/Countries to block list

After you click that “Firewall Configuration” button you will be taken to a place which will show many options in text format and we need to find the  ” SECTION:Country Code Lists and Settings” on that page. Its there after you scroll for about 30% of the page.

Or just click Edit – > Find on your web browser and search for “Country” term and you will be able to easily find that section.

 

 

On that you can see a box saying  ” CC_DENY = ” like shown on the screencap above.

So to add countries to block list, you just need to add the 2 letter code of the countries to that box. In my Example I have added “CN” for China.  So if you need to add multiple countries like USA , Germany and China just enter “CN,US,GB” on that box.

 

After adding scroll to the bottom of the page and click “change” button to save the changes. And restart the services using WHM.

 

Thats it!

I'm Ruchira Sahan and all posts on this blog are completely my thoughts and writings. I love DIY and Technology. So feel free to contact me for anything about this blog and don't forget to add a comment if this blog helped you! Thanks
Ruchira
View all posts by Ruchira

{ 4 comments… read them below or add one }

1 ernest.madeje August 8, 2012 at 1:41 AM

please tel me the unlock code / flash of huawei u8180-1 , imei 357232041241413 so as to be free to accept
cim card like vodacom,airtel,tigo etc

Reply

2 todd November 1, 2012 at 6:49 PM

Very helpful article, but friendly reminder about this
Firewall Status: Enabled but in Test Mode – Don’t forget to disable TESTING in the Firewall Configuration

Reply

3 Ruchira November 7, 2012 at 10:40 AM

thanks for mentioning that out 🙂

Reply

4 Ruchira November 19, 2012 at 9:45 AM

thanks 🙂

Reply

Leave a Comment

Previous post:

Next post: