Block a Country Form your Hosting

cPanel Country Blacklisting

Secure your web server by blocking a country using cPHulk or CSF Firewall

    Country Blocking using cPanel cPHulk or CSF Plugin

    Before we discuss in detail, a question may arise that why do we even block a complete country, or if there is enough evidence that blocking at country level is a good solution. Let be clear, this is not an everyday option that you can tweak as per your preferences. A country block is a country block, and no strings attached. So why we would want to block a complete country altogether, there can be multiple reasons that may lead to a blocking at this level, the primary one could be a large number of threat / attack / DDos / bot or similar activity that may be taking up all the resources of the server and causing legit users to see an error on the site or a complete website down message.

    It is powerful but not always feasible, such that a country blocking will cause all users from the source not to be able to reach your website at all. An example of where the country blocking is not possible is with websites such as google or amazon where they can’t deny access to a complete range of IP addresses at this level. On the other side, a local store that only provides services or sells products locally, such as a salon or a local wine shop that server local market, can actually block all other countries other than the country of their operations.

    Country Blocking Using Firewall

    Now lets discuss the options available in a cPanel based server. If you are on a shared hosting, you are out of luck as a shared hosting does not allow country level blocking, but then your can ban individual IP or a complete IP address range using htaccess file. Apart from Optimizing a shared hosting, there way to block a complete country on a shared hosting would be to deploy an IP to Country database that allows your to convert the IP to its originating country and then block it but this type of blocking takes some resources as it check for each request into the database for requesting the country information and then proceed to allow or block the request. To save from this overhead, we recommend solution suck as cloudflare which passes the country data via headers and then you only need to check headers for country code and add the blocking based on that information.

    With a VPS or a dedicated server, we have even more options that allow us to secure our server. Solutions such as cPHulk which comes bundled in cPanel and a third party plugin such a Config Server Firewall (CSF) allows you to add a whole country to the blacklist. If  you have CSF, it also offer other security enhancements such as blocking requests to ports such that you can block listening on all ports except the web port. You can have both cPHulk and CSF configured to block countries without causing any isuses to the system functioning. cPHulk is a software level blocking whereas CSF is a IPtables based firewall blocking and there is no chance of them conflicting with one another and configuring both of them allows your server to have the maximum protection enabled.

    Also, if you have a hardware based firewall provided by your web server company, it is important to configure that as well to block the requests. A hardware firewall performs way better than a software firewall as a software firewall will still use some server processing power to scan and block the requests, whereas the hardware firewall works independently and your server is not overloaded with requests.

    With whatever solution you opt for, remember to test the configurations to make sure that you are not blocking legit request.

    If you have any concern or want us to help you with the server configuration or software firewall setup, let us know.