Should I block China IP Addresses?

jmlopez

Member
Registered
Joined
Jul 11, 2016
Messages
24
Points
3
There are many guides to block alll Chinese ip addresses with iptables and I think I should do it for my hosting. I also see an option in my CDN control panel. I am targeting US audience and I think traffic from China is just bots and hackers. What is your advice? should I block all China IP addresses?
 

LJSHost

Well-known member
Hosting Provider
Registered
Joined
Jul 5, 2016
Messages
1,031
Points
63
It would be a good idea if you are not looking to target China or the surrounding region with your site. I agree a large percentage of brute force attacks and other undesirable activity does come from this region.
 

LJSHost

Well-known member
Hosting Provider
Registered
Joined
Jul 5, 2016
Messages
1,031
Points
63
Hi Chris,

Yes, you should be able to create custom rules.

Login to your cloud flare dashboard > Threat Control > In the custom rule box select a country or IP range. > click block.
 

tlhIngan

Member
Registered
Joined
Jul 12, 2016
Messages
49
Points
8
Hi Chris,

Yes, you should be able to create custom rules.

Login to your cloud flare dashboard > Threat Control > In the custom rule box select a country or IP range. > click block.
I don't see thread control section on my account.

I use Cloudflare for my blogs. How can I block China with Cloudflare?
click on Firewall on menu

cloudflare-firewall.png

On the Access Rules, type China and it will suggest you a name, you should click that.

cloudflare-access-rules.jpg

There are some options you can choose if wanted.

cloudflare-block-countries.png

Click Add to save and finish.

Good luck to you ! :good:
 

Attachments

jmlopez

Member
Registered
Joined
Jul 11, 2016
Messages
24
Points
3
Hi Chris,

Yes, you should be able to create custom rules.

Login to your cloud flare dashboard > Threat Control > In the custom rule box select a country or IP range. > click block.
I could not find where Thread Control is in Cloudflare.

@tlhIngan

It alerted me this when clicking on Add button.

Countries can only be challenged or whitelisted (Code: 1212)
 

LJSHost

Well-known member
Hosting Provider
Registered
Joined
Jul 5, 2016
Messages
1,031
Points
63
It used to be threat control they must of updated the UI since I last looked at it. Anyway tlhIngan has provided a great guide.
 

jmlopez

Member
Registered
Joined
Jul 11, 2016
Messages
24
Points
3
jmlopez
I guess Thread Control is in Cloudflare Pro plan.
I can not do as tlhIngan guided. It didn't allow me to save with error mentioned in the post above.
 

JixHost

Member
Registered
Joined
Dec 15, 2016
Messages
26
Points
0
We use cloudflare and it does block threats globally. China is not the only country that sends attacks.
 

HostXNow

Well-known member
Hosting Provider
Registered
Joined
Nov 26, 2014
Messages
374
Points
28
Cloudflare is a good solution.

Also, make sure you are using a good firewall plus mod_security rules etc.
 

jmlopez

Member
Registered
Joined
Jul 11, 2016
Messages
24
Points
3
We use cloudflare and it does block threats globally. China is not the only country that sends attacks.
How to block a country with Cloudflare free plan? I could not succeed in doing this.

Cloudflare is a good solution.

Also, make sure you are using a good firewall plus mod_security rules etc.
Are you talking to a firewall or using iptables on hosting? I feel inconvenient to do that as doing on an user interface.
 

HostXNow

Well-known member
Hosting Provider
Registered
Joined
Nov 26, 2014
Messages
374
Points
28
How to block a country with Cloudflare free plan? I could not succeed in doing this.



Are you talking to a firewall or using iptables on hosting? I feel inconvenient to do that as doing on an user interface.
If you are using ConfigServer Firewall then have a read of this https://www.liquidweb.com/kb/how-to-block-traffic-by-country-in-the-csf-firewall/

Take note of the important information

Step #2: Deny Access by Country Code

CSF does not recommend the use of country-level blocks on any VPS or small server unless the CIDR range for the chosen country is very small. The use of a large-range country block on a small server or VPS could slow the server to the point that it becomes inaccessible.

If you're using a VPS or have any question as to whether your server has the resources to effectively implement a country-level block, you may find it more practical to allow or deny traffic by country code to specific ports, which we cover in Parts Three and Four.
 
Recommended Threads
Replies
11
Views
6,129
Replies
2
Views
1,915
Replies
0
Views
1,885

Latest Hosting OffersNew Reviews

Sponsors

Tag Cloud

You are using an out of date browser. It may not display this or other websites correctly.
You should upgrade or use an alternative browser.

Top