Web site IP filtering

We've talked here before about filtering IP traffic by source for mail servers. The idea is that if you are not expecting email from Korea or wherever, blocking any such mail simply cuts down on any other security and spam processing necessary. For some people, it's a simple solution that can cut down unwanted email significantly, but of course it does so at the risk of also blocking legitimate email.

The same idea can be applied to ssh with perhaps less risk of stopping desirable traffic. If you know that you'll always be accessing a site only from addresses in a certain country, you again can save the trouble of further processing on access attempts that come from other places. We've had some arguments about the value of such filtering but I still believe it can be valuable in some circumstances.

Web sites also may have reasons to block or filter traffic. There's an Apache blacklist module that lets you do just that. Normally that is used to block traffic to specific ip's that have already exhibited unfriendly behavior rather than prejudging the traffic based on its country of origin. I wouldn't expect there to be much interest in blocking web traffic on such criteria. but apparently at least one company thinks otherwise: http://www.trafficcleaner.com/ does exactly that and is currently (November 2005) offering the service free to beta testers.

I can't imagine too many web sites that would filter traffic by country, but I'm sure some exist. If you are selling a product that can only be used in a certain country or if you aren't willing to accept payment from outside your own country, this might make perfect sense: why waste the bandwidth and open yourself to possible attacks? This also offers the ability to redirect traffic to different pages, which could be useful if you had different offerings for different countries such as translations, or alternate product pages for an ecommerce site. As you would probably guess, this is simply Javascript code that picks up the remote address, looks it up in a database, and acts accordingly. Nothing particularly difficult there.

This type of filtering could be very frustrating for a person who happened to be traveling in a foreign country but wanted to access a site they normally access at home. Being blocked or redirected to alternate pages could be quite maddening and upsetting. This particular product uses a cookie which would allow them (assuming they were still using their "home" computer), but I can still envision circumstances where this could be very annoying.

Comments /Security/web-ip-filter.html


Add your comments

Why no "Digg this!" etc.?

Enter your email address for automatic notification of new posts here
(be sure to whitelist 'feedburner.com' if you use spam filtering)

Need eyes on the ground at your customer's site?
Installation and light training Boston and New England
Reliable and experienced, punctual and professional.

Have you tried Searching this site?

Unix/Linux/Mac OS X support by phone, email or on-site: Support Rates

This is a Unix/Linux resource website. It contains technical articles about Unix, Linux and general computing related subjects, opinion, news, help files, how-to's, tutorials and more. We appreciate comments and article submissions.

Publishing your articles here