Not every Drupal website needs or wants traction in each country within the world. Websites like a flower shop, bakery, car wash, laundry, babysitting, lawn mowing, etc. may be relevant only to locals of an area. Overseas attention might be irrelevant & absurd for these Drupal sites. Now, this is where country blocking comes as a relief.
Unless you consciously block access to countries, all countries have access to your website by default. This may result in excess burdening on your server’s bandwidth. Moreover, it also attracts severe security risks for your website. Country blocking is a great & smart way to put your website off the radar for countries which do not cater to your needs.
Most importantly, there are some countries which are notorious for sending attack vectors. Hence, blocking them would only be a prudent decision for your website. The following stats on attacks origins as discussed in this informative guide on hacking stats backs our point here –
Clearly, China tops the list of cyber attack origins. Besides China, The USA, Russia, Brazil are some other countries infamous for being home to hackers. But, as I said, this can easily be taken care of with country blocking.
Commonly, country blocking is done by the following methods:
- Country blocking through .htaccess – Apache
- Country blocking by NGINX + GeoIP Module
Let’s figure out how each of these processes works:
Country blocking in Drupal through .htaccess – Apache
Step 1 – Get the IPs of a country
There are several tools on the net available for free which avails you the complete list of IP ranges of a country. And, one such tool is the IP2LOCATION. So, follow these steps to generate the IP ranges of different countries.
- Go to – https://www.ip2location.com/free/visitor-blocker
- Scroll down, and insert the country name, IP versions, and output format.
- Hit ‘Download’ to export the .txt file with the IPs.
- Repeat the process for different countries.
Step 2 – Open your .htaccess file
- Login into your website through FTP or cPanel
- Navigate to your public_html directory
- Open .htaccess file there.
Step 3 – Copy the IP list into .htaccess file
- Copy & paste the generated IP in the .htaccess file
- Save and upload it back to the server.
By following this simple process you can block countries easily. Still, country blocking through .htaccess has some limitations. First, the IP list keeps on changing & growing. So, you would need to update the list every 2-3 months.
Country blocking in Drupal by NGINX + GeoIP Module
Step 1 – Install the GeoIP module
The first step is to install Nginx with HttpGeoIpModule. You can check if your Nginx is compiled with HttpGeoipModule using-
nginx -V
if you see –with-http_geoip_module as a result of the above command you can proceed.
Step 2 – Download the GeoIP Database
The next step is to install maxmind’s GeoIP database. The following line of command could be used here –
sudo apt-get install geoip-database libgeoip1
This downloads the GeoIP database and places it at – /usr/share/GeoIP/GeoIP.dat
Step 3 – Configure Nginx for blocking
You have the database with all the IP ranges of all the countries is ready to use. Just open the Nginx configuration file & add the following command at the start of HTTP block. Nginx will fetch the details from the database and do the needful.
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default yes;
PK no;
AU no;
}
The above code translates to allow all countries except Pakistan (PK) & Australia (AU).
You can also do it as allowing a few countries and blocking others, see below-
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default no;
IN yes;
US yes;
}
this will block all the countries except India and the USA.
Step 3 – Set a Block Page
Next, you would need to set a block page for all these blocked countries. You can do this as:
- Open the server block file in your website
- And, add the following lines in that file and save
if ($allowed_country == no) { return 404; }
This will program the browser to return a 404 not found error for a blocked country. You can also set other HTTP status codes such as the 444-HTTP error code or 403- access denied error code.
Step 4 – Reload/Restart Nginx
At last, reload the Nginx server for the changes to reflect.
sudo service nginx restart
How Astra helps in blocking countries & IP ranges in a click for your Drupal website
These were some of the methods to do country blocking in Drupal. However, there is one more even simpler method left. This is the one-click country blocking by Astra. Country blocking is an ingrained feature in the Astra firewall. You need not fuss about updating the IP list. This method does not require any coding skills. And, this also has an easy IP whitelisting functionality, in case you change your mind.
Here is how you can benefit from it:
- Install the Astra Firewall, and log into your Astra dashboard
- Navigate to the ‘Threats’ page.
- Scroll down to find ‘Add a custom rule’ section
- Insert the country you would like to block and click on the ‘Block’ button, and you are good to go.
In case, you’d like to unblock it you can do that by scrolling down to ‘Trusted & Blocked List’ and simply delete the country from the list.
Comments & Discussions