Block Traffic by country in CSF firewall advanced configuration


  1. Bhawani Singh
    Introduction:

    A feature often required on a control panel server is managing and filtering incoming traffic at the country code (CC) level. With the ConfigServer Security & Firewall (CSF) plugin, this is done through WebHost Manager (WHM).

    Country code level filtering in CSF uses the MaxMind GeoLite country databases to obtain CIDR ranges for specific countries. Each country's CIDR list covers almost all of the addresses that belong to that country.

    Reasons for blocking countries in CSF:

    A server admin may block traffic arriving from a specific country for reasons such as:

    1) Reducing bandwidth usage

    2) Reducing security risk, and keeping the site visible only in the locations where it is permitted

    Several other factors need to be considered before filtering traffic at the CC level:
    • A small amount of unwanted traffic may still get in, and a small amount of legitimate traffic may be blocked, because:
        - CIDR IP range lists are not fully accurate for CC level blocks
        - Some ISPs and web services use different geographic locations for their customers
        - Visitors can use a proxy or VPN to hide their true geographic location
    • Country level filtering applies only to inbound connections, not to outbound connections.
    • Using CC level filtering can seriously degrade performance, and you will sometimes notice slow responses.
    • This comes from the size of the range lists: CSF checks every incoming IP connection against a list containing thirty thousand entries.
    Checklist

    This guide assumes that CSF is installed on your control panel server and that you have access to WHM. Follow the steps below:

    Step 1: Open the CSF plugin in WHM

    • Log in to the WHM panel.
    • Click “ConfigServer Security and Firewall” under Plugins.
    • Click the “Firewall Configuration” button to open the configuration file.
    • In the next window, go to the "Country Code Lists and Settings" section.

    Step 2: Restrict access with the CC_DENY field:

    CSF does not recommend using country-wide blocks on a virtual private server or any small server unless the range list for the chosen country code is very small.

    Using large CC blocks on a smaller server could slow the server down and make it inaccessible.

    Do the following:

    1) In CSF, navigate to the "Country Code Lists and Settings" section.

    2) Use the CC_DENY field to block a country by its code. The field accepts only two-letter country codes such as US, GB, DE. Separate multiple countries with commas, with no spaces between the country codes.

    3) Do not use CC_ALLOW. It will open traffic for all country codes.
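
The format rules from Step 2 can be checked before saving. The script below is an added example, not part of CSF or of the original article; the `KEY = "value"` layout of the sample text, the uppercase-only rule and the function names are assumptions of this example.

```shell
#!/bin/sh
# Pre-save check for the CC_DENY / CC_ALLOW values described in Step 2.
LC_ALL=C; export LC_ALL   # make [A-Z] mean ASCII uppercase only

# Constructed samples; the KEY = "value" layout is an assumption of this example.
SAMPLE_OK='CC_DENY = "US,GB,DE"
CC_ALLOW = ""'
SAMPLE_BAD='CC_DENY = "US, gb,DEU"
CC_ALLOW = "FR"'

# get_setting KEY TEXT: print the quoted value of KEY found in TEXT.
get_setting() {
    printf '%s\n' "$2" |
        sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*\"\([^\"]*\)\".*/\1/p" |
        head -n 1
}

# check_cc_list VALUE: print each format problem; return 0 only if none.
check_cc_list() {
    value=$1; rc=0
    case $value in
        *[[:space:]]*) echo "spaces are not allowed in the list"; rc=1 ;;
    esac
    old_ifs=$IFS; IFS=,; set -f          # split on commas, no globbing
    for code in $value; do
        case $code in
            [A-Z][A-Z]) ;;               # two letters, uppercase as in US,GB,DE
            *) echo "invalid country code: '$code'"; rc=1 ;;
        esac
    done
    IFS=$old_ifs; set +f
    return $rc
}

# audit_country_settings TEXT: check CC_DENY and flag a non-empty CC_ALLOW.
audit_country_settings() {
    result=0
    deny=$(get_setting CC_DENY "$1")
    allow=$(get_setting CC_ALLOW "$1")
    check_cc_list "$deny" || result=1
    if [ -n "$allow" ]; then
        echo "CC_ALLOW is set to '$allow'; Step 2 says not to use it"
        result=1
    fi
    return $result
}

audit_country_settings "$SAMPLE_OK" && echo "sample 1: OK"
audit_country_settings "$SAMPLE_BAD" || echo "sample 2: fix before saving"
```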

    Step 3: Save the settings and restart

    Scroll down to the bottom of the settings and click the Change button. On the next screen, restart both csf and lfd (csf+lfd) so that the new settings take effect.