SunQuest
           BSD Help
 
Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
User Name:
Password:
Remember me
Go Back   Dev Shed ForumsOperating SystemsBSD Help
Reload this Page

Blocking requests from country specific IP's on Web server ?

Discuss Blocking requests from country specific IP's on Web server ? in the BSD Help forum on Dev Shed.
Blocking requests from country specific IP's on Web server ? BSD Help forum discussing all BSD based operating systems including FreeBSD, OpenBSD, NetBSD, and more. BSD refers to the distribution of UNIX originally developed by the University of California at Berkeley.

Reply
Add This Thread To:
  Del.icio.us   Digg   Google   Spurl   Blink   Furl   Simpy   Y! MyWeb 
« Previous Thread | Next Thread »  
Thread Tools Search this Thread Rate Thread Display Modes
 
Unread Dev Shed Forums Sponsor:
Get inside! Sample the range of functionality easily built with JMSL Library for Time Series Data Analysis, Heat Maps, Portfolio Optimization, Monte Carlo Simulation, Stock Price Charting and more. Download Now!
  #1  
Old February 11th, 2005, 07:35 AM
dyno_dom dyno_dom is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Feb 2005
Posts: 3 dyno_dom User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 44 m 59 sec
Reputation Power: 0
Blocking requests from country specific IP's on Web server ?
I need to block out certain IP adresses on a web server depending on where the request comes from (block out entire countries).
Planned to use either pf or ipfw. Os is going to be freebsd or openbsd (not decided yet)

I am thinking that this could be done quite simple in pf but I can't figure out how to do it.

Secondly, a request from such a blocked ip should get redirected to another site, how do I do that ?


Any thoughts or hints?

Thanks in advance
Reply With Quote
  #2  
Old February 11th, 2005, 08:56 PM
Scorpions4ever's Avatar
Scorpions4ever Scorpions4ever is online now
Banned ;)
Dev Shed God 5th Plane (7000 - 7499 posts)
  
Join Date: Nov 2001
Location: Glendale, Los Angeles County, California, USA
Posts: 7,442 Scorpions4ever User rank is Major General (70000 - 90000 Reputation Level)Scorpions4ever User rank is Major General (70000 - 90000 Reputation Level)Scorpions4ever User rank is Major General (70000 - 90000 Reputation Level)Scorpions4ever User rank is Major General (70000 - 90000 Reputation Level)Scorpions4ever User rank is Major General (70000 - 90000 Reputation Level)Scorpions4ever User rank is Major General (70000 - 90000 Reputation Level)Scorpions4ever User rank is Major General (70000 - 90000 Reputation Level)Scorpions4ever User rank is Major General (70000 - 90000 Reputation Level)Scorpions4ever User rank is Major General (70000 - 90000 Reputation Level)Scorpions4ever User rank is Major General (70000 - 90000 Reputation Level)Scorpions4ever User rank is Major General (70000 - 90000 Reputation Level)Scorpions4ever User rank is Major General (70000 - 90000 Reputation Level)Scorpions4ever User rank is Major General (70000 - 90000 Reputation Level)Scorpions4ever User rank is Major General (70000 - 90000 Reputation Level) 
Time spent in forums: 1 Month 1 h 22 m 8 sec
Reputation Power: 797
In pf, it is simply a matter of adding a rule like this to /etc/pf.conf (assuming your interface is fxp0 and your IP address is 192.168.0.1)

block in on fxp0 proto tcp from xx.xx.xx.xx to 192.168.0.1 port http

If you want to block the whole class C, you would use something like this:
block in on fxp0 proto tcp from xx.xx.xx.00/24 to 192.168.0.1 port http

The pf guide for OpenBSD is pretty good. See:
http://www.openbsd.org/faq/pf/index.html
and
http://www.openbsd.org/faq/pf/example1.html for some sample rulesets.
__________________
Up the Irons
What Would Jimi Do? Smash amps. Burn guitar. Take the groupies home.
"Death Before Dishonour, my Friends!!" - Bruce D ickinson, Iron Maiden Aug 20, 2005 @ OzzFest
Down with Sharon Osbourne
Puzzle of the Month solved by sizeablegrin, etienne141 and L7Sqr, superior C/C++ programmers of the month
Reply With Quote
  #3  
Old February 12th, 2005, 12:12 AM
dyno_dom dyno_dom is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Feb 2005
Posts: 3 dyno_dom User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 44 m 59 sec
Reputation Power: 0
thank you for the help. I looked at it and it makes sense, guess I will be able to do it now.

Do you have any comment on the redirecting question ?

Thanks
Dom
Reply With Quote
  #4  
Old February 15th, 2005, 11:27 AM
dyno_dom dyno_dom is offline
Registered User
Dev Shed Newbie (0 - 499 posts)
  
Join Date: Feb 2005
Posts: 3 dyno_dom User rank is Just a Lowly Private (1 - 20 Reputation Level) 
Time spent in forums: 44 m 59 sec
Reputation Power: 0
Hi

here the IP address range I need to block
(*-ed out the first three digits)
***.139.192.0 -- ***.139.223.255
Now how do I block this range without blocking the entire class C net?
Reply With Quote
Reply

Viewing: Dev Shed ForumsOperating SystemsBSD Help > Blocking requests from country specific IP's on Web server ?

« Previous Thread | Next Thread »

Thread Tools  Search this Thread 
Search this Thread:

Advanced Search
Display Modes  Rate This Thread 
Linear Mode Linear Mode
Rate This Thread:


Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
View Your Warnings | New Posts | Latest News | Latest Threads | Shoutbox
Forum Jump


Forums: » Register « |  User CP |  Games |  Calendar |  Members |  FAQs |  Sitemap |  Support | 
  
 





© 2003-2008 by Developer Shed. All rights reserved. DS Cluster 3 hosted by Hostway