Htaccess country block

This tool will automatically create rules for Apache webservers on Linux system to block visitors from selected countries. The blocklist is created with an API that fetch data in our SQL database based on IP address country location.

Data accuracy

The list of IP address by country below is a grouping of IP by country and CIDR of our database. The data has over 99.5% accuracy on a country basis. The database is updated monthly.

API Usage

First you need to know the code (ISO 3166 format) of the country you would like to block. The full list is available here

Once you have the country code, you can now get the list at the following url (Afghanistan and Argentina in this example). If your browser show the data on a single line, simply view the page source code :

http://ipinfodb.com/country_query.php?country=AF,AR&output=htaccess_deny

Where country is the list or countries, with a coma between them and output is either htaccess_deny or htaccess_allow. This will output something like this :

#COUNTRY_BLOCK_START
<Limit GET HEAD POST>
order allow,deny
deny from 58.147.128.0/19
deny from 67.212.160.0/24
deny from 80.247.139.0/24
deny from 82.205.190.0/21
[...]
allow from all
</Limit>
#COUNTRY_BLOCK_END

Bash script

The following script will fetch the right IP addresses of the country you would like to block from our API and then add these rules in iptables :

#!/bin/bash
###ipinfodb.com###
 
###MODIFY THIS SECTION###
WORKDIR="/home/someuser/"
HTACCESSFILE="htaccessfile.txt"
HTACCESSBLOCK="htaccess-blocklist.txt"
TEMPFILE="htaccess.temp"
COUNTRIES="AF,AR"
TYPE="deny"
#########################
 
#####DO NOT MAKE MODIFICATIONS BELOW#####
 
cd $WORKDIR
 
#Get the file from blogama.org API
wget -c --output-document=$HTACCESSBLOCK "http://ipinfodb.com/country_query.php?country=$COUNTRIES&output=htaccess_$TYPE"
 
for i in $( cat $WORKDIR$HTACCESSFILE ); do
  if [ -f $i ]; then
    cat $i 2>&1 | grep "COUNTRY_BLOCK_START"
    if [ "$?" -ne "1" ]; then #ALREADY IN HTACCESS
      sed '/#COUNTRY_BLOCK_START/,/#COUNTRY_BLOCK_END/d' $i > $WORKDIR$TEMPFILE
      cat $WORKDIR$HTACCESSBLOCK >> $WORKDIR$TEMPFILE
      mv $WORKDIR$TEMPFILE $i
    else #NOT IN HTACCESS
      cat $WORKDIR$HTACCESSBLOCK >> $i
    fi
  fi
done
 
rm -f $WORKDIR$HTACCESSBLOCK

How the script is working?

You will have to create a text file with all .htaccess files (with complete path) you wish to update with the script. If you have other information in your htaccess files they will still remain there, the script will only update the portion between the tags "#COUNTRY_BLOCK_START" and "#COUNTRY_BLOCK_END".

Before you start

Create a text file named htaccessfile.txt. In that file, put all (existing!) .htaccess files you wish to update. For example

/var/www/example.com/.htaccess
/var/www/mydomain.com/.htaccess

Script configuration

On top of the script, you will need to modify these variables :

###MODIFY THIS SECTION###
WORKDIR="/home/someuser/"
HTACCESSFILE="htaccessfile.txt"
HTACCESSBLOCK="htaccess-blocklist.txt"
TEMPFILE="htaccess.temp"
COUNTRIES="AF,AR"
TYPE="deny"
#########################

WORKDIR : is a writable directory where the script will be located
HTACCESSFILE : is the file where you will put your .htaccess paths
HTACCESSBLOCK and TEMPFILE : are temporary file that will be deleted at the end of the script execution
COUNTRIES : is the list of countries you wish to deny/allow, separated with a coma
TYPE : "allow" or "deny" access to these countries