All our shared/enterprise/reseller hosting servers include Mod_GeoIP, which is a database that can be used to map a website visitor's IP address to their country. This can be used to deny/allow access to your website.
Please note:
- The Mod_GeoIP database has been compiled by MaxMind, a third-party provider.
- The country database is estimated to have 99.8% accuracy, but that isn't perfect, so it should not be used for critical applications.
- New IP ranges will take some time to appear in the database or may be mapped to the wrong country initially.
- Users can always get around a country allow/deny access by using a VPN/proxy.
- Multinational corporations often have an IP range based on where their headquarters are, this could result in false positive results for these users.
- Mod_GeoIP is a legacy database, and has been replaced by Mod_MaxMindDB, but at this time it does not integrate with the Apache web server. When the new database is able to integrate with our servers, the system will be updated accordingly.
- You can find info on Mod_GeoIP here: http://dev.maxmind.com/geoip/legacy/mod_geoip2/
Enable GeoIP on your website
To enable GeoIP on your website, you should add the following 3 lines to the top of your .htaccess
file:
<IfModule mod_geoip.c> GeoIPEnable On </IfModule>
GeoIP is usually pre-enabled on the server configuration level, but the above rules would ensure that it's actually enabled.
If you do not have a .htaccess file, simply create one in the main directory of your website. The main directory is normally called public_html unless you are working with a sub-domain or addon domain, which will have its own directory.
GeoIP variables
The main GeoIP variables that will be made available on your website are:
GEOIP_ADDR GEOIP_CONTINENT_CODE GEOIP_COUNTRY_CODE GEOIP_COUNTRY_NAME GEOIP_REGION GEOIP_REGION_NAME GEOIP_CITY
In this guide we'll concentrate on GEOIP_COUNTRY_CODE which outputs a 2-digit ISO country code, from AF (Afghanistan) to ZW (Zimbabwe). The full list of country codes can be found here: https://www.nationsonline.org/oneworld/country_code_list.htm
We will provide four examples, to deny access, to allow access, to redirect visitors and to use in PHP code.
Example 1 - Deny access from 3 countries
In this example, the code will deny access from visitors in 4 countries: RU (Russia), CN (China) and US (United States).
Add this to your .htaccess
file:
<IfModule mod_geoip.c>
SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE US BlockCountry
Deny from env=BlockCountry
</IfModule>
Any users from RU, CN or US will encounter a "403 Forbidden" error when visiting the website.
Example 2 - Allow access from only 2 countries
In this example, the code will allow access from visitors in two countries only, DE (Germany) and GB (United Kingdom).
Add this to your .htaccess
file:
<IfModule mod_geoip.c>
SetEnvIf GEOIP_COUNTRY_CODE DE PermitCountry
SetEnvIf GEOIP_COUNTRY_CODE GB PermitCountry
Deny from All
Allow from env=PermitCountry
</IfModule>
Any users not from DE or GB will encounter a "403 Forbidden" error when visiting the website.
Example 3 - Deny access from 3 countries
In this example, the code will deny access to visitors in 3 countries (Ireland, United Kingdom, Netherlands). Any other countries will be able to access the website normally.
Add this to your .htaccess
file:
<IfModule mod_geoip.c>
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(IE|GB|NL)
RewriteRule .* - [F]
</IfModule>
Any users from the 3 countries will encounter a 404 error 'Page not found' when visiting the website.
Example 4 - Redirect access from 3 countries
In this example, the code will redirect visitors in 3 countries (Ireland, United Kingdom, Netherlands) to Google. Any other countries will be able to access the website normally.
Add this to your .htaccess
file:
<IfModule mod_geoip.c>
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(IE|GB|NL)$
RewriteRule ^(.*)$ https://google.com/$1 [L]
</IfModule>
If you want to switch it around so only those 3 countries are allowed access and all other countries are redirected, you would include a !
symbol before the list of country codes, like this:
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(IE|GB|NL)$
Example 5 - Use the variable in PHP code
In this example, we will use PHP code to output the country code and country name. Add this code to a PHP file:
<?php print "Your 2-digit country code is " . $_SERVER['GEOIP_COUNTRY_CODE'] . " so you are visiting from " .$_SERVER['GEOIP_COUNTRY_NAME'];
This example will print a message to visitors from Canada, then use the exit()
function to prevent the rest of the web page from loading:
<?php if ($_SERVER['GEOIP_COUNTRY_CODE'] === 'CA') { print "Visitors from Canada are blocked."; exit(); }
We recommend implementing any country deny/allow rules or .htaccess
rewrite rules in conjunction with your website developer / IT person.
Updated by SP on 11/05/2023