2016-01-22

How to Block Visitrs by Country (C#, MVC)

The web.config file can be used to restrict website access by the client address. Web.config can be used to restrict access to a single page, a directory and all sub directories, or even the entire web site. You can block all IP addresses and only let a few trusted IP addresses in, or you could allow everyone and block specific IP addresses or subnets. While some web.config sections require that the containing directory is set as an application, this isn't one of them. A simple web.config with a ipSecurity section may be placed in any directory, and the directory does NOT need to be set as an application.

How it's done?
Below is example of IP address restrictions.
<security>
   <ipSecurity allowUnlisted="true">    <!-- this line allows everybody, except those listed below -->            
       <clear/>     <!-- removes all upstream restrictions -->                
       <add ipAddress="83.116.19.53"/>     <!-- blocks the specific IP of 83.116.19.53  -->                
       <add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>     <!--blocks network 83.116.119.0 to 83.116.119.255-->                
       <add ipAddress="83.116.0.0" subnetMask="255.255.0.0"/>     <!--blocks network 83.116.0.0 to 83.116.255.255-->                
       <add ipAddress="83.0.0.0" subnetMask="255.0.0.0"/>     <!--blocks entire /8 network of 83.0.0.0 to 83.255.255.255-->                
   </ipSecurity>
</security>
It is also possible to deny all, but allow specific IPs or networks:
<security>
    <ipSecurity allowUnlisted="false">    <!-- this line blocks everybody, except those listed below -->                
        <clear/> <!-- removes all upstream restrictions -->
        <add ipAddress="127.0.0.1" allowed="true"/>    <!-- allow requests from the local machine -->
        <add ipAddress="83.116.19.53" allowed="true"/>   <!-- allow the specific IP of 83.116.19.53  -->                
        <add ipAddress="83.116.119.0" subnetMask="255.255.255.0" allowed="true"/>   <!--allow network 83.116.119.0 to 83.116.119.255-->                
        <add ipAddress="83.116.0.0" subnetMask="255.255.0.0" allowed="true"/>   <!--allow network 83.116.0.0 to 83.116.255.255-->                
        <add ipAddress="83.0.0.0" subnetMask="255.0.0.0" allowed="true"/>   <!--allow entire /8 network of 83.0.0.0 to 83.255.255.255-->                
    </ipSecurity>
</security>
Where to put section inside of web.config:
<?xml version="1.0"?>
<configuration>
   <system.webServer>
      <security>
        <ipSecurity allowUnlisted="true">    <!-- this line blocks everybody, except those listed below -->                
           <clear/> <!-- removes all upstream restrictions -->
           <add ipAddress="83.116.19.53"/>   <!-- block one IP  -->                
           <add ipAddress="83.116.119.0" subnetMask="255.255.255.0"/>   <!--block network 83.116.119.0 to 83.116.119.255-->               
        </ipSecurity>
      </security>
      <modules runAllManagedModulesForAllRequests="true"/>
   </system.webServer>
</configuration>

After you know where and how to put restricted IPs next step is to find a list of country IPs that you should block. I found site www.ip2location.com very useful, as you need only to select country to get its IPs. You can choose also an output format where you can find 'web.config allow' and 'web.config deny' options that prepare data in a format that I have explained above.

No comments:

Post a Comment