How to Block IP by Country and Allow Uptime Monitor

In this guide, we will walk you through the steps to block traffic from specific countries using Cloudflare while allowing access to your uptime monitor IPs. We will cover how to achieve this both in Cloudflare’s Firewall Rules and on an Apache web server.

Cloudflare Firewall Rules

Step 1: Log in to Cloudflare

  1. Go to Cloudflare and log in to your account.

Step 2: Access Firewall Rules

  1. In the Cloudflare dashboard, click on your domain.

  2. Navigate to the “Firewall” section in the top menu and then click on “Firewall Rules.”

Step 3: Create a Firewall Rule

  1. Click on the “Create a Firewall Rule” button.

Step 4: Block Traffic by Country

  1. Give your rule a descriptive name, like “Block by Country.”

  2. Under “Then,” select “Block.”

  3. Under “If,” choose the condition “Country.”

  4. Choose “is in” and then select the countries you want to block. You can add multiple countries if needed.

Step 5: Add an Allow Rule for Uptime Monitor IPs

  1. To allow access to your uptime monitor IPs, create another firewall rule.

  2. Give this rule a name like “Allow Uptime Monitor.”

  3. Under “Then,” select “Allow.”

  4. Under “If,” choose the condition “IP Address.”

  5. Specify the IP addresses of your uptime monitor service. You may need to check with your uptime monitor provider for the list of IPs they use.

Step 6: Order Your Rules

  1. Order your rules so that the “Allow Uptime Monitor” rule is higher in priority than the “Block by Country” rule. Rules are evaluated from top to bottom, so this ensures that the uptime monitor IPs are allowed before checking for country blocking.

Step 7: Save and Deploy

  1. Click “Save and Deploy” to activate your Firewall Rules.
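The ordering requirement in Step 6 can be checked offline before you deploy. The Python sketch below is an added example, not part of the original guide and not Cloudflare's code: it models the top-to-bottom, first-match evaluation described above. The IP ranges, country codes and function names are constructed for illustration.

```python
import ipaddress

# Constructed sample data: documentation-range addresses stand in for the
# monitor provider's published IP list.
MONITOR_NETS = [ipaddress.ip_network(n) for n in ("192.0.2.10/32", "198.51.100.0/28")]
BLOCKED_COUNTRIES = {"CN", "RU"}

def is_monitor(req):
    return any(ipaddress.ip_address(req["ip"]) in net for net in MONITOR_NETS)

def in_blocked_country(req):
    return req["country"] in BLOCKED_COUNTRIES

# Each rule is (name, match function, action), mirroring Steps 4 and 5.
ALLOW_MONITOR = ("Allow Uptime Monitor", is_monitor, "allow")
BLOCK_COUNTRY = ("Block by Country", in_blocked_country, "block")

def evaluate(rules, req):
    """Walk the rules top to bottom; the first rule that matches decides."""
    for name, matches, action in rules:
        if matches(req):
            return action, name
    return "allow", "no rule matched"  # unmatched traffic passes through

def blocked_monitors(rules, probes):
    """Return the monitor probes that this rule order would block."""
    return [p["ip"] for p in probes
            if is_monitor(p) and evaluate(rules, p)[0] == "block"]

# Constructed probes: the second one originates from a blocked country.
PROBES = [
    {"ip": "192.0.2.10", "country": "US"},
    {"ip": "198.51.100.5", "country": "RU"},
]
VISITOR = {"ip": "203.0.113.77", "country": "CN"}

if __name__ == "__main__":
    for label, rules in (("allow first", [ALLOW_MONITOR, BLOCK_COUNTRY]),
                         ("block first", [BLOCK_COUNTRY, ALLOW_MONITOR])):
        print(label, "-> blocked monitor probes:", blocked_monitors(rules, PROBES))
        print(label, "-> ordinary visitor from CN:", evaluate(rules, VISITOR))
```

With the allow rule first no monitor probe is blocked. With the order reversed, the probe located in a blocked country is rejected even though its IP is on the allow list.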

Apache Configuration

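If you’re using an Apache web server, you can also add an additional layer of protection at the origin. When requests reach Apache through Cloudflare, the connecting address is a Cloudflare edge IP, so the IP and country checks below only see the real visitor once the original client address is restored, for example with mod_remoteip and Cloudflare’s CF-Connecting-IP header.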

Step 1: Access Apache Configuration

  1. SSH into your server.

  2. Navigate to the Apache configuration directory. On many Linux distributions, it’s located at /etc/apache2/ or /etc/httpd/.

Step 2: Edit the Apache Configuration File

  1. Open the Apache configuration file for your site, usually located in the /sites-available/ directory.

  2. Inside the <VirtualHost> section for your site, add the following lines. They grant access to your uptime monitor IPs and to any request that Step 3 has not flagged as coming from a blocked country. Replace x.x.x.x with the actual IP addresses:

<LocationMatch "/">
    # Either line grants access: a monitor IP, or a request that
    # Step 3 has not flagged with the BlockCountry variable.
    Require ip x.x.x.x x.x.x.x
    Require expr "-z reqenv('BlockCountry')"
</LocationMatch>

Step 3: Block Traffic by Country

  1. To block traffic from specific countries, you can use the Apache mod_geoip module if it’s installed. If not, you can use mod_rewrite as an alternative.

Using mod_geoip (if installed):

GeoIPEnable On
GeoIPDBFile /path/to/GeoIP.dat

# mod_geoip exposes the two-letter country code as GEOIP_COUNTRY_CODE
SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry

# Flagged requests are denied by the Require lines added in Step 2

Using mod_rewrite (alternative method):

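RewriteEngine On
# IP2LOCATION_COUNTRY_SHORT is set by the IP2Location Apache module; mod_rewrite does no geolocation itself.
# Skip the block for uptime monitor IPs (repeat this line for each address).
RewriteCond %{REMOTE_ADDR} !=x.x.x.x
RewriteCond %{ENV:IP2LOCATION_COUNTRY_SHORT} ^(CN|RU)$
RewriteRule ^ - [F]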

Step 4: Save and Restart Apache

  1. Save the Apache configuration file and exit the editor.

  2. Restart Apache to apply the changes:

sudo systemctl restart apache2   # On Ubuntu/Debian
sudo systemctl restart httpd     # On CentOS/RHEL

These steps will block traffic from specified countries while allowing access to your uptime monitor IPs both at the Cloudflare and Apache levels, ensuring your website remains secure and available.
