The Threat Control Panel allows you to block countries across all your CloudFlare-enabled websites by simply typing the name of the country in the "Add custom rule" box. However, at times, you may want to block a particular country for only some of your sites, because some of your sites happen to have legitimate visitors from that country. How to do that?
At the moment (September 2010), you cannot do that through the Threat control Panel. But you can easily implement the feature if you feel comfortable changing your server configuration files, in particular the file called ".htaccess".
When CloudFlare passes on a request to your server, it inserts a variable in the header: "CF-IPCountry". This variable (CF-IPCountry) contains the standard internet two-letter country code: "US" for USA, "CN" for China, and so on.
To block a country only for some of your sites, you can add directives in your Apache files.
The following technique is easy to implement as it touches only one file. Suppose you would like to block countries XX and YY from one of your sites. Edit ".htaccess" at the root of each website where you want to block these countries. At the top of the file, just below the "AddHandler" directives (if any), paste these lines:
SetEnvIf CF-IPCountry XX UnwantedCountry=1
SetEnvIf CF-IPCountry YY UnwantedCountry=1
Order allow,deny
Allow from all
Deny from env=UnwantedCountry
That's all! Remember to change "XX" and "YY" to the internet country codes of your choice. You can see how this is beautifully easy to customize: if you do not want to block YY for one of your sites, leave out the YY line.
You may want to test the set-up by blocking your own country on one of your sites. Just make sure you have a back door to change ".htaccess" back again!
If you have access to your server's httpd.conf file (usually not the case on shared hosts), you have access to a wider range of implementations, such as thecountry-blocking techniques in this article.
No comments:
Post a Comment