If you want to block certain countries from accessing your web site, there are many workarounds. The most popular and worst method is blocking by IP ranges. But this isn’t a effective solution because of the IP range allocations changes day by day and its almost impossible to find IP range data base of a big country for example like China.
And even if you did that, it will slow down your server drastically because even the ranges are too high and iptables software on your server will have to crosscheck every users IP addresses from the blocked range database resulting in slow response times and increased server load.
Config Server Firewall ( CSF ) firewall is a most feature rich software firewall available for linux and it integrates with WHM ( Web Host Manager Cpanel) very easily, enabling loads of configurable options at your disposal. Installing this is very easy when compared to options it has and this provides GUI to control the options on WHM
In my case I wanted to block China from accessing a web site because we were receiving fairly large amount of SPAM registrations from Chinese IPs and our web site had no use for Chinese users as well. So in this guide I’ll explain how I blocked China ( same method goes for other countries/multiple countries as well ) from accessing our web site.
- Cpanel WHM access is required. So you will have to be administrator of your server to have access to this
- CSF firewall uses Maxmind geoIP data base to find the IP ranges to block, that’s the most well maintained database of IP ranges on internet. You can trust this because there is no other service available better than this.
- Adding multiple countries will slow down your server if you don’t have enough resources and if your site is really busy
Install CSF Firewall
Installing CSF firewall is extremely easy, just run these commands one by one on your SSH console
tar -xzf csf.tgz
And that’s it. Installation is done, Now restart your server. Or just restart all the services from WHM.