Country Blocking in Magento Made Easy With These Steps

Updated on: May 19, 2020

Country Blocking in Magento CMS is an essential feature that not all people are taking advantage of. Blocking a country where your site is not relevant can reduce the load on the servers, reduce the risk of cyber-attacks on Magento, and help you run your site with CIA website standards.

By default, a website is available to everyone on the web. Many websites are simply not relevant to people living in certain countries, so it is not worth maintaining access for those users.

This is where Country Blocking in Magento comes in. Restricting access to your website for people living in a specific country is called Country Blocking. It is usually done with firewall rules in the application that simply drop the network packets coming from specific countries.

Below are some methods that you can use to implement Country Blocking in your Magento Installation.

Different Methods to Do Country Blocking in Magento

1. Country Blocking in Magento With a Firewall

With the Astra firewall installed on your Magento store, you can block a country with a click of a button. This is how:

  • Login to the Astra dashboard
  • Head over to the ‘Threats’ page
  • Click on ‘Add Custom Rule’
  • Type the country you want to block and then click on ‘Block’. And that’s it!

Country Blocking by the Astra Firewall

You can also use this feature vice versa. That is, in the “Add Custom Rule” section, search for a country and whitelist it. All other countries will automatically be blocked after this, except the one you whitelisted. Repeat this for the countries you want to whitelist and you have a defined audience by the end of it.

So far, blocking with the Astra Firewall is the most time-efficient method to block countries. But if you want to learn more ways, scroll down. If you do not have the Astra Firewall installed on your Magento store, you can install the Astra Firewall from here. Besides country blocking, the Astra firewall also blocks attacks like XSS, CSRF, Bad Bots, LFI, RFI, OWASP Top 10 and several others. Take an Astra demo to get an even better idea.

2. Blocking Countries Via .htaccess Rule

.htaccess is a configuration file in the web-root directory of Magento. This file is essential for SEO optimization of the web app and, in this case, will help us block a country from our Magento store. Let’s see how that is done.

You simply have to write rules that deny access from the IP ranges belonging to that country. So first, you need to identify the IP ranges of that country. You can easily do this with a quick Google search. After you have the list of IP ranges for that specific country, do this:

  1. Access your Magento store via cPanel
  2. Navigate to the root directory. You will see the .htaccess file there.
  3. Click to open the .htaccess file and add the following rule to it:
# With "allow,deny" the deny lines are evaluated last, so they override "allow from all"
order allow,deny
allow from all
deny from xx.yy.zz.ww/23
deny from xxx.yy.zzz.ww/32
deny from xxx.yyy.zz.ww/32

Replace the placeholder IPs with the IP list you just obtained, and you are done. These rules deny access to IPs belonging to the specific country you wanted to block.
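
A pasted IP list often contains overlapping ranges, entries with host bits set, or typos. The Python sketch below is an added example, not part of the original article or of Astra's code: it validates and merges such a list, renders it in `order allow,deny` form so that the deny lines take precedence over `allow from all`, and lets you check that your own address is not caught. The function names and the sample ranges (RFC 5737 documentation addresses) are assumptions made for illustration.

```python
import ipaddress

# Constructed sample input: documentation-only ranges (RFC 5737) standing in
# for a country's IP list. It contains overlaps, a range with host bits set,
# and one malformed entry.
SAMPLE_RANGES = """
192.0.2.0/25
192.0.2.128/25
198.51.100.7/24
203.0.113.0/24
203.0.113.64/26
not-an-ip/33
"""

def parse_ranges(text):
    """Return (networks, rejected): validated, merged networks and bad entries."""
    networks, rejected = [], []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()
        if not entry:
            continue
        try:
            # strict=False normalises 198.51.100.7/24 to 198.51.100.0/24
            networks.append(ipaddress.ip_network(entry, strict=False))
        except ValueError:
            rejected.append(entry)
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        same = [n for n in networks if n.version == version]
        merged.extend(ipaddress.collapse_addresses(same))
    return merged, rejected

def build_htaccess(networks):
    """Render the rules so that deny entries override the blanket allow."""
    lines = ["order allow,deny", "allow from all"]
    lines += [f"deny from {net}" for net in networks]
    return "\n".join(lines) + "\n"

def is_denied(client_ip, networks):
    """True if client_ip falls inside any blocked network."""
    ip = ipaddress.ip_address(client_ip)
    return any(ip.version == net.version and ip in net for net in networks)

if __name__ == "__main__":
    nets, bad = parse_ranges(SAMPLE_RANGES)
    print(build_htaccess(nets), end="")
    print("rejected entries:", bad)
    # Check your own admin address before uploading the file
    print("203.0.113.10 denied?", is_denied("203.0.113.10", nets))
```

Review the rejected entries by hand rather than dropping them silently, since a typo in a prefix can leave part of a range unblocked.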

3. Country Blocking Via GeoIP Module

Another efficient method, if you have your Magento installation on a Linux server, is to use the GeoIP module.

As I said, this module requires you to be on a Linux platform and have the Magento installation on the Nginx server. If you have this exact configuration in place, GeoIP can be a suitable option.

Here, we will be using Ubuntu 18.0 LTS as our operating system and the Nginx server for this tutorial.

If you don’t have the Nginx module already installed, first install the Nginx module to support GeoIP. You can install it with the following command:

apt-get install nginx-plus-module-geoip2

Now, install the following dependencies on your Debian-based Linux server:

sudo apt-get install geoip-database-extra libgeoip1 libnginx-mod-http-geoip -y

After the installation, get the latest GeoIP data. Since the apt repo is a community-maintained repository, it might not always have the latest version. In this case, run these commands to get the latest one.

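 cd /usr/share/GeoIP/
 # Keep a backup copy; the geoip_country directive below still reads GeoIP.dat
 sudo cp GeoIP.dat GeoIP.dat_org
 # Note: MaxMind now requires a free account and license key for GeoLite2 downloads
 sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
 sudo wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
 # The downloads are gzip-compressed tar archives, so extract them with tar.
 # They contain .mmdb files (geoip2 module format), not the legacy .dat format.
 sudo tar -xzf GeoLite2-Country.tar.gz
 sudo tar -xzf GeoLite2-City.tar.gz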

Next, you have to configure Nginx to work with the GeoIP module. To do so, open nginx.conf (i.e. /etc/nginx/nginx.conf) in vim or nano and add these lines to the http block.

geoip_country /usr/share/GeoIP/GeoIP.dat;
geoip_city /usr/share/GeoIP/GeoIPCity.dat;

Thereafter, we will add the countries we want to block. This can be easily done by editing the http block of /etc/nginx/nginx.conf and blocking countries as follows:

map $geoip_country_code $allowed_country {
   default yes;
   # Pakistan
   PK no;
   # Ukraine
   UA no;
   # Russia
   RU no;
   # China
   CN no;
}

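The map above sets the $allowed_country variable to yes for all countries except the ones listed in it. That is, Pakistan, Ukraine, Russia, and China would be blocked after this code. Here is the two-letter code for all countries.

After you have added the above code, add these lines too, inside the server block of your site (the if directive is not valid directly in the http block). For the blocked countries, this returns 444, a non-standard Nginx code that closes the connection without sending a response.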

if ($allowed_country = no) {
    return 444;
}

Conclusion

Blocking access for countries where your store is not relevant will make your store smoother to operate. With a reduced server load and load time, you can ensure a better experience for your customers and visitors. In addition to that, blocking countries in Magento will also go a long way in protecting you from cyber threats and increasing your Magento store security.

The other methods mentioned above are best suited to someone with a technical background. For an average user or store owner, doing those intricate set-ups and running code can mean more problems if anything goes wrong. Some methods also include tedious setups which may feel hectic for a newbie. But the built-in country blocker in the Astra Firewall extension can be used by anyone. We recommend you go for the automatic country blocker in the Astra firewall if you want to save time and effort.

Jinson Varghese

Jinson Varghese Behanan is an Information Security Analyst at Astra. Passionate about Cybersecurity from a young age, Jinson completed his Bachelor's degree in Computer Security from Northumbria University. When he isn’t glued to a computer screen, he spends his time reading InfoSec materials, playing basketball, learning French and traveling. You can follow him on Medium or visit his Website for more stories about the various Security Audits he does and the crazy vulnerabilities he finds.