Mod GeoIP - Deny/allow geographic access to your website

JSWeb partners with Spiral Hosting (https://spiralhosting.com/).  All their shared/enterprise/reseller hosting servers include Mod_GeoIP, which is a database that can be used to map a website visitor's IP address to their country. This can be used to deny/allow access to your website.

Please note!

- The Mod_GeoIP database has been compiled by MaxMind, a third party provider. 
- The country database is estimated to have 99.8% accuracy, but that isn't perfect, so it should not be used for critical applications.
- New IP ranges will take some time to appear in the database, or may be mapped to the wrong country initially.
- Users can always get around a country allow/deny access by using a VPN/proxy.
- Multinational corporations often have an IP range based on where their headquarters are, this could result in false positive results for these users.
- Mod_GeoIP is a legacy database, and has been replaced by Mod_MaxMindDB, but at this time it does not integrate with the Apache web server. When the new database is able to integrate with our servers, the system will be updated accordingly.
- You can find info on Mod_GeoIP here: http://dev.maxmind.com/geoip/legacy/mod_geoip2/


Enable GeoIP on your website

To enable GeoIP on your website, you must add the following 3 lines to the top of your .htaccess file:

<IfModule mod_geoip.c>
  GeoIPEnable On
</IfModule>

If you do not have an .htaccess file, simply create one in the main directory of your website. The main directory is normally called public_html unless you are working with a sub-domain or addon domain, which will have its own directory.

GeoIP variables

The main GeoIP variables that will be made available on your website are:

GEOIP_ADDR
GEOIP_CONTINENT_CODE
GEOIP_COUNTRY_CODE
GEOIP_COUNTRY_NAME
GEOIP_REGION
GEOIP_REGION_NAME
GEOIP_CITY


In this guide we'll concentrate on GEOIP_COUNTRY_CODE which outputs a 2-digit ISO country code, from AF (Afghanistan) to ZW (Zimbabwe). The full list of country codes can be found here: https://www.nationsonline.org/oneworld/country_code_list.htm

We will provide four examples, to deny access, to allow access, to redirect visitors and to use in PHP code.

Example 1 - Deny access from 3 countries

In this example, the code will deny access from visitors in 4 countries, RU (Russia), CN (China), and US (United States). Add this to your .htaccess file:

<IfModule mod_geoip.c>
GeoIPEnable On
</IfModule>
SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE US BlockCountry
Deny from env=BlockCountry

 

Any users from RU, CN or US will encounter a 403 error 'Forbidden' when visiting the website.

Example 2 - Allow access from only 2 countries

In this example, the code will allow access from visitors in 2 countries only, DE (Germany) and GB (United Kingdom). Add this to your .htaccess file:

<IfModule mod_geoip.c>
GeoIPEnable On
</IfModule>
SetEnvIf GEOIP_COUNTRY_CODE DE PermitCountry
SetEnvIf GEOIP_COUNTRY_CODE GB PermitCountry
Deny from All
Allow from env=PermitCountry

 

Any users not from DE or GB will encounter a 403 error 'Forbidden' when visiting the website.

Example 3 - Redirect access from 3 countries

In this example, the code will redirect visitors in 3 countries (Ireland, United Kingdom, Netherlands) to another website, Google! Any other countries will be able to access the website normally. Add this to your .htaccess file:

<IfModule mod_geoip.c>
GeoIPEnable On
</IfModule>
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(IE|GB|NL)$
RewriteRule ^(.*)$ https://google.com/$1 [L]

 

Any users not from DE or GB will encounter a 403 error 'Forbidden' when visiting the website.

Example 4 - Use the variable in PHP code

In this example, we will use PHP code to output the country code and country name. Add this code to a PHP file:

<?php
print "Your 2-digit country code is " . $_SERVER['GEOIP_COUNTRY_CODE'] . 
" so you are visiting from " .$_SERVER['GEOIP_COUNTRY_NAME'];

Or this example will print a message to visitors from Canada, then use exit() which prevents the rest of the web page from loading:

<?php
if ($_SERVER['GEOIP_COUNTRY_CODE'] === 'CA') {
    print "Visitors from Canada are blocked.";
    exit();
    }

 

We recommend implementing any country deny/allow rules or .htaccess rewrite rules in conjunction with your website developer / IT person.

Was this answer helpful?
Print this Article
Also Read
MaxMind Security Check

Initial Order Check with MaxiMind: JS Web uses only but the best security check applications to...

 Why two businesses should not share one hosting account

JSWeb partners with Spiral Hosting (https://spiralhosting.com/).  We recommend every...