As a webmaster, you want the world to have access to your website. That’s especially true if you have a product or service to sell.
However, there are reasons why you may want to restrict access to your website. If you happen to operate a landscaping company in British Columbia, Canada, then you’re probably not interested in generating interest from potential customers in the Philippines. Broadcasting your website to the world and allowing other countries to index it is a waste of bandwidth.
Allowing worldwide access to your website is a bad idea for other reasons. As Privacy Australia notes, many hacking and phishing schemes are conducted by bad actors in other countries.
Which Countries Have the Most Hackers?
According to Security Today, the countries that have the most hackers are China, Turkey, Russia, Brazil and the U.S. Depending upon where your company is located, you may want to block access from any or all of these countries.
If you have customers in these nations, then blocking access won’t work. Instead, you’ll have to beef up website security. Some of these steps may include:
- Keeping your software up to date
- Installing any pertinent security plug-ins
- Making all passwords complex
- Using a Content Security Policy
- Securing file permissions and directories
Whether you’ll be blocking access from certain countries or not, the above list of security measures is critical to protecting your website.
What Is .htaccess?
Suppose that you have identified users from a country that you suspect are trying to hack or otherwise undermine your website. You’re located in Canada, and the website visitors have IP addresses that originate in Turkey. Your business does not operate in Turkey, you have no customers there and you’re worried that you’re being targeted for an attack.
What can you do?
The answer may lie in .htaccess. This configuration file is used on web servers that run Apache Web Server software. The .htaccess file is placed in a directory on the server, where Apache reads it and applies its directives to requests for that directory and everything beneath it. These files can be used to disable or enable numerous functions and features.
Among the capabilities of .htaccess is blocking website visitors from unwanted IP addresses. Here is an example of the code you would create to restrict visitors from certain IP addresses from being able to access your website:
# Evaluate Allow first, then Deny, so a matching Deny wins (Apache 2.2 syntax)
Order allow,deny
deny from 255.0.0.0
deny from 124.35.6
allow from all
Accordingly, all visitors with either the IP address 255.0.0.0 or 124.35.6 will be denied access. Notice that in the second denied IP address, the fourth set of numerals is missing. All IP addresses that begin with “124.35.6” will be blocked regardless of the content of the fourth set of digits.
The next time that someone from a blocked IP address tries to access your website, they will receive an error message that says “403 Forbidden.”
What If You Have a Long List of IP Addresses to Block?
Any hacker worth their salt isn’t going to use just one IP address. They may use several, and many hackers now work out of farms. A webmaster can block one IP address, but the same bad actor just pops up a few minutes later with a new IP address.
Adding each IP address to the “deny” list in your coding is time-consuming and likely to be a losing battle. Fortunately, you may be able to make use of some alternatives.
Some webmasters who are really concerned about being targeted by hackers in another country are getting memberships with service providers such as Country IP Blocks. This Internet-based service allows users to choose specific countries that they would like to block from accessing their website. It’s possible to select multiple countries at a time and to choose which restriction format, including .htaccess, should be used.
After making selections, the website generates code that can be copied into the user’s website to prevent web browsers from certain countries from accessing the website. Comprehensive in scope, this is an efficient shortcut when compared to having to painstakingly enter IP addresses one by one.
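As an added example (not code from this article or from any of the services it mentions), the Python sketch below normalises a block list, including Apache-style partial addresses such as the 124.35.6 entry above, merges overlapping ranges, and emits the rules in Apache 2.4's `Require not ip` form rather than the older `deny from` syntax. Apart from 124.35.6, the sample ranges are constructed documentation addresses, and the function names are this example's own.

```python
import ipaddress

# Constructed sample list: 124.35.6 is the article's partial address,
# the rest are reserved documentation ranges, not real offenders.
SAMPLE = ["124.35.6", "203.0.113.0/25", "203.0.113.128/25",
          "198.51.100.0/24", "198.51.100.7", "2001:db8::/32", "# comment"]

def to_network(entry):
    """Turn a full IP, a CIDR range, or a partial IP ('124.35.6') into a network."""
    entry = entry.strip()
    if "/" not in entry and ":" not in entry:
        octets = entry.rstrip(".").split(".")
        if not 1 <= len(octets) <= 4:
            raise ValueError(f"bad entry: {entry!r}")
        # A partial address covers every host under the octets given.
        padded = octets + ["0"] * (4 - len(octets))
        entry = ".".join(padded) + f"/{8 * len(octets)}"
    # strict=True rejects ranges with host bits set (e.g. 124.35.6.1/24),
    # which usually indicates a typo in the list.
    return ipaddress.ip_network(entry, strict=True)

def collapse(entries):
    """Drop blanks/comments, then merge adjacent and nested ranges."""
    nets = [to_network(e) for e in entries
            if e.strip() and not e.lstrip().startswith("#")]
    merged = []
    for version in (4, 6):  # collapse_addresses cannot mix IPv4 and IPv6
        merged += ipaddress.collapse_addresses(
            n for n in nets if n.version == version)
    return merged

def render_htaccess(entries):
    """Emit an Apache 2.4 block: allow everyone except the listed ranges."""
    lines = ["<RequireAll>", "    Require all granted"]
    lines += [f"    Require not ip {net}" for net in collapse(entries)]
    lines.append("</RequireAll>")
    return "\n".join(lines)

if __name__ == "__main__":
    print(render_htaccess(SAMPLE))
```

Merging matters for country-sized lists: fewer rules means less work for Apache on every request, since .htaccess files are re-read each time.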
Options for People Who Don’t Want to Use .htaccess
.htaccess configuration files are fairly helpful when it comes to limiting access to a website. However, they are not necessarily the most effective or efficient method.
IP2Location may be a reasonable alternative. This company sells IP geolocation databases as well as offering a free and extensive database firewall list. Organized by country, it’s possible to choose to allow everyone in the IP address list to access your website or to ban them. If you sign up for a free account, you can block as many as 30 countries. Choose “Apache .htaccess deny” from the menu, which gives you an appropriate text file to upload to the directory of your homepage.
BlockACountry.com is another website that may be useful if you have several websites to protect. After signing up for a free membership, you enter a website address and select which countries you would like to block. This enables you to download the appropriate block list.
Your Web Host May Be Able to Help
The better your web host, the more secure your website is going to be. If you’re using shared hosting, then there may be little that your host can do to block IP addresses from particular countries. Although you may have access to a control panel, you may not have networking controls because any changes you make might affect all of the other websites that are hosted on the same server.
Still, you may be able to add certain IPs to your firewall. This also is the case with bare metal servers. You have complete control over this server, but you may not have control over how the back end is routed.
When it comes to blocking certain countries from accessing your website, you have many options. One or a combination of these options may help to protect your website from a hacker.