We are in a business where we need to block visitors from certain areas or countries. We want to show 403 error page when visitors comes from that certain areas.
Now what we can do is, on every request, get the visitors IP address and get the country name for that IP using any third-party services like Telize or ipapi.co and if it from that country, stop and show the error page.
But the problem is, it will check for all others visitors and if we do a curl on every request, it will definitely slow down our website.
Is there any way we can get the country name from IP address without using any third-party service or curl request or anything that will not slow down our website?
We are using PHP & Symfony 3 framework on a VPS, and speed and performance are very important for us, in case it helps you.
At this moment we want to block visitors from Cameroon, is there any range of IP is assigned for Cameroon?
You can use the Maxmind GeoIP library for php.
The idea is that you download a database (which is just a file) containing geographical information for all the IPs in the world. Since the database is on your server, and you call it using the library, it won't slow down your server. Actually, getting the country code from an IP is so fast the performance impact will be negligible.
The database is updated regularly, so you can periodically re-download it to stay up-to-date. You can get details about the downloadable databases here.
You may generate the htaccess deny file for Cameroon IP ranges at https://www.ip2location.com/free/visitor-blocker, and block them at htaccess level, which will be much faster.
Related
I'm trying to get the visitor's country code from Cloudflare through the header HTTP_CF_IPCOUNTRY.
When I use this, I receive the correct country code I am visiting the site from, although this code can change at times.
For example; my country code is supposed to be LK which is shown correctly throughout my site for majority of a session, but sometimes if I navigate to a subpage, open the site in incognito / different browser, change network connections or view from another machine, the code may change, sometimes I get a different code for each page I visit.
There is no pattern to the country code changing hence why I use the word "sometimes" and seems to be random.
I'm not using any proxies or VPNs on top of my internet connection, and my IP remains the same whenever the issue arises.
Does anyone have to faintest idea as to why these codes might be changing?
The entire technical foundation for geolocation-by-IP is fairly weak and not a precise science. It's just based on large data accumulations, and all large data accumulations have some margin of error. It's entirely possible you're on an ISP which may sometimes route requests through one IP internally and sometimes through another, and that one IP is associated with one country but the other happens to be associated with another country in that large database, rightly or wrongly. Or any number of other factors why CloudFlare may see your request coming from one IP or another at times, and/or why that IP may be listed as one country or another in their database. Maybe the IP changed recently, and that updated database hasn't been rolled out to all of CloudFlare's edge servers yet, and sometimes you're hitting a server with an outdated geo-IP database.
You've just found an edge case that flipflops becauseā¦ reasons.
To avoid false positive, how can we create a whitelist of IP or Range of IP. I tried to create a IP whitelist by using resolving IP of the whitelist domain. Do you guys have any idea?
The question is not completely clear to me. I don't understand exactly why you need a whitelist IP but as far as I know it's better to have a block/black list IP rather than a white list.
it might be the case the IP address w.x.y.z is clean today and somehow someone hack the server tomorrow and serve malicious content. So the IP is not clean anymore!
Having a daily IP blocklist is better since there are lots of services out there which serve such lists (for different types of abuse like spam, malware and phishing) and you can use them on a daily basis.
If you have access to an enterprise firewall/proxy logs or PCAP data, you can extract the traffic from that environment, do DNS resolution to get the IPs, sort the output from most most hits to lowest, then grab the top N ones as they would probably be commonly used hosts like Google, YouTube, Facebook etc.
The problem with this approach is that reputation is fleeting: I've seen malware on Google Drive, Dropbox, Discord, Onedrive, Pastebin and also Github. Reputation is only as good as the hosting company is to remove malware from their sites. Some are fast to take down malware after reports, some are not.
You can also use statistical ranking data like Alexa to resolve FQDNs into IPs, just be aware that ranking does not equate to morality/acceptable use policy as there are plenty of torrent and porn sites listed on Alexa that you may not want to allow to fly under the radar on your corporate network.
I have multiple applications making use of Application Insights for Production Data. I'm trying to use the City telemetry field to map our current users. This data appears to be tracked very inconsistently and in most cases (> 75%) is just unavailable.
I understand some customers will be using VPNs which could affect the results, but not to the extent I'm seeing.
Here is the info from the Azure FAQ:
How are City, Country and other geo location data calculated? We look
up the IP address (IPv4 or IPv6) of the web client using GeoLite2.
Browser telemetry: We collect the sender's IP address.
Server telemetry: The Application Insights module collects the client IP
address. It is not collected if X-Forwarded-For is set.
You can configure the ClientIpHeaderTelemetryInitializer to take the IP
address from a different header. In some systems, for example, it is
moved by a proxy, load balancer, or CDN to X-Originating-IP.
Does anyone know how to improve geolocating user cities for App Insights?
IP Geolocation is not 100% accurate and you need to live with it. City accuracy is quite low because the information is guessed from multiple data that change frequently. One way to improve accuracy is to use a service that aggregates data from multiple sources and does it continuously, multiple times a day.
A second manner to enhance the results is to filter based on whether the IP is associated with a proxy by using threat data.
For both purposes, I recommend looking at Ipregistry, a service I work for:
https://api.ipregistry.co/?key=tryout
It would be great if MSFT could provide an example of manually setting the location in Browser telemetry. I understand privacy concerns, but our use-case is for internal enterprise apps used by our field service teams. Since Browsers can access the Geolocation APIs, it's probably straightforward to add that info. It's just a matter of knowing the right way to do it so it's picked up consistently.
I have created a Business Management System which is to be used by retailers with or without multiple sites.
It is important that a logged in user identifies his/her location, or site, so that the system can perform site related tasks automatically.
I currently have a database of locations which includes an IP Prefix field, when the user goes to the log in page it looks for the first 5 digits of the current IP address, then:
If start of current IP matches a stored record it assumes user is at
that site.
If no IP matches then it asks the user which site they're in and asks them to update the IP.
This basic, and manual check works when the sites are a fair distance away or are on different ISPs for certain, the update is usually only required after a router restart and I've been using the system myself for about 4 years with no issues... BUT... I am not confident with it, so my question is; is there a better solution?
I realise the IP address is probably not the way as the best that gives me is the location of their ISP, but that's not what I need.
In case it matters I am using ASP.NET coding in VB
Also, should mention, I'm looking for desktop based application, not mobile.
I think you are going to have to rely on user input for this one. It's impossible (or at least, very very difficult) to know whether a user is using a proxy or not, and if they are you have no way of knowing where they really are. This is right and proper; would you trust every website you access with that kind of information? I sure as hell wouldn't.
You can't use the IP address to give you 100% reliable location data if your clients connect over the internet (they could be going through a proxy or as you said you might just get the ISP's IP address)
Your best bet is to use javascript to get the users geolocation: W3 Schools Example
More complex example on html5demos
No, of course it is not possible to reliably locate an user by IP Adress.
That adress can be faked, so the base of your info is not reliable.
Yesterday I setup some software which tracks all http requests across our network of websites. After analyzing the first day of traffic we found nearly a dozen IP's that were flat out harvesting our data. It's pretty obvious when one ip browses 300 pages in a matter of 1 hour lol. I did do a reverse lookup on these and the majority were from Singapore, China, etc so they weren't search engine bots.
Does anyone know a service or website that maintains a list of bad IP's that should be blocked?
Yes there is a list of IPs which is dynamic. So there is no download for that list. But you can query it via DNS.
Have a look at the Http:BL of projecthoneypot.org:
http://www.projecthoneypot.org/httpbl_api.php