I have to ban upload and download of Japan
and in addition ban some sites' IPs
XFileSharing Pro - himado.in - they grab movies from XFS - Page 2
I guess we can allow only our main domain, and block all the rest? right?
trinsic wrote:
If you use Nginx you can use valid_referers:
Code: Select all
location /files/ {
    valid_referers none blocked www.mydomain.com mydomain.com;
    if ($invalid_referer) {
        return 403;
    }
}
Put it in the server section of your config.
randy wrote:
where to put this code in nginx?
Yes this blocks any referrer other than your site from accessing the file directly (not your site, just the direct download link). I added a none referrer so some users don't experience problems.
amator wrote:
I guess we can allow only our main domain, and block all the rest? right?
trinsic wrote:
If you use Nginx you can use valid_referers:
Code: Select all
location /files/ {
    valid_referers none blocked www.mydomain.com mydomain.com;
    if ($invalid_referer) {
        return 403;
    }
}
well
be smart and use your firewall to block them
a built-in firewall is iptables
You can block traffic at either the Apache or the iptables level. I recommend iptables to save some resources. First, you need to get a list of netblocks for each country. Simply visit this page and download the IP block files, which are provided in CIDR format. Use the following shell script:
WARNING! People from other countries may use a proxy server or think of spoofing their IP address. In such a case, this may not work and it will only protect your box from automated scans or spam.
Code: Select all
#!/bin/bash
### Block all traffic from AFGHANISTAN (af) and CHINA (CN). Use ISO code ###
ISO="af cn"

### Set PATH ###
IPT=/sbin/iptables
WGET=/usr/bin/wget
EGREP=/bin/egrep

### No editing below ###
SPAMLIST="countrydrop"
ZONEROOT="/root/iptables"
# Note: the zone files are fetched over plain HTTP and are not verified
DLROOT="http://www.ipdeny.com/ipblocks/data/countries"

# Flushes ALL existing rules and user chains in the filter, nat and mangle
# tables and resets the default policies to ACCEPT. Any rules you already
# have must be re-applied afterwards (see the end of this script).
cleanOldRules(){
    $IPT -F
    $IPT -X
    $IPT -t nat -F
    $IPT -t nat -X
    $IPT -t mangle -F
    $IPT -t mangle -X
    $IPT -P INPUT ACCEPT
    $IPT -P OUTPUT ACCEPT
    $IPT -P FORWARD ACCEPT
}

# create a dir
[ ! -d "$ZONEROOT" ] && /bin/mkdir -p "$ZONEROOT"

# clean old rules
cleanOldRules

# create a new iptables list
$IPT -N "$SPAMLIST"

for c in $ISO
do
    # local zone file
    tDB="$ZONEROOT/$c.zone"

    # get fresh zone file
    $WGET -O "$tDB" "$DLROOT/$c.zone"

    # country specific log message
    SPAMDROPMSG="$c Country Drop"

    # get the netblocks, skipping comment and blank lines
    BADIPS=$($EGREP -v "^#|^$" "$tDB")
    for ipblock in $BADIPS
    do
        # log the packet, then drop it
        $IPT -A "$SPAMLIST" -s "$ipblock" -j LOG --log-prefix "$SPAMDROPMSG"
        $IPT -A "$SPAMLIST" -s "$ipblock" -j DROP
    done
done

# Send all traffic through the country chain first.
# The rules match on source address (-s), so the OUTPUT jump only matches
# packets whose source address is inside one of the listed netblocks.
$IPT -I INPUT -j "$SPAMLIST"
$IPT -I OUTPUT -j "$SPAMLIST"
$IPT -I FORWARD -j "$SPAMLIST"

# call your other iptable script
# /path/to/other/iptables.sh

exit 0
Save the above script as root user and customize the ISO variable to point out the country name using ISO country names. Once done, install the script as follows using crontab:
Code: Select all
@weekly /path/to/country.block.iptables.sh
To start blocking immediately type:
Code: Select all
# /path/to/country.block.iptables.sh
And you are done with blocking the whole country from your server.
Greetings From PowerChaos
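An added example, not part of the post above or of the script it contains: since that script feeds every line of a downloaded zone file to iptables as root, this sketch checks each line first and emits an `ipset restore` script instead of per-netblock rules. The use of ipset, the function names, the `MIN_PREFIX` limit and the sample data are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): turn a country zone file into an
# `ipset restore` script, refusing anything that is not a plain IPv4 CIDR.
SET_NAME="countrydrop"   # same name the posted script uses for its chain
MIN_PREFIX=8             # assumption: never accept a block wider than /8

# Succeeds only for a.b.c.d/len with octets 0-255 and MIN_PREFIX <= len <= 32.
# The body runs in a subshell so IFS and "set --" do not leak to the caller.
is_ipv4_cidr() (
    case "$1" in
        *[!0-9./]*|*/*/*) exit 1 ;;      # digits, dots and one slash only
        */*) ;;
        *) exit 1 ;;                     # no prefix length at all
    esac
    addr=${1%/*}; len=${1#*/}
    case "$len" in ""|*.*|???*) exit 1 ;; esac
    [ "$len" -ge "$MIN_PREFIX" ] && [ "$len" -le 32 ] || exit 1
    IFS=.; set -- $addr
    [ "$#" -eq 4 ] || exit 1
    for octet in "$@"; do
        case "$octet" in ""|????*) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# Reads a zone file on stdin, writes ipset commands; returns 1 on any bad line.
zone_to_ipset() {
    bad=0
    echo "create $SET_NAME hash:net family inet -exist"
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in ""|"#"*) continue ;; esac
        if is_ipv4_cidr "$line"; then
            echo "add $SET_NAME $line -exist"
        else
            printf 'rejected: %s\n' "$line" >&2
            bad=1
        fi
    done
    return "$bad"
}

# Constructed sample: two valid netblocks plus three lines that must fail.
sample_zone() {
    printf '%s\n' '# constructed sample zone' '192.0.2.0/24' \
        '198.51.100.128/25' '0.0.0.0/0' '203.0.113.0/33' '203.0.113.300/24'
}

# A non-zero status means: do not load the result, keep the current rules.
sample_zone | zone_to_ipset || echo "zone rejected, firewall left unchanged" >&2
```

A clean result can be loaded with `ipset restore` and referenced from a single rule such as `iptables -I INPUT -m set --match-set countrydrop src -j DROP`, rather than one LOG and one DROP rule per netblock.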
You can also use iptables to block IPs
or to block specific websites (also called IPs)
if you want to do it in an easy way
download this program
http://configserver.com/cp/csf.html
it lets you easily configure your firewall and has a web interface (SSL needed)
else you just need to edit a config file and you can add certain IPs, and it also blocks mass connections
Greetings From PowerChaos