Knowledgebase: Security
Block Region or Country from Viewing Your Site
Posted by ASO Admin on 07 February 2020 01:33 PM

Methods for Denying Access to Specific Regions or Countries

There are three methods by which you can prevent visitors from a specific location from visiting your website: custom rules in CloudFlare, Apache Deny Rules, using a combo of CloudFlare and .htaccess Rules.

Custom Rules in CloudFlare

For this method to work, a CloudFlare account is required and it must be enabled for the domain you want to block traffic for. See here for more info about CloudFlare.

In addition to the other services offered by CloudFlare , you can use this service to easily block individual IPs, IP ranges, and countries from visiting your site. This is the simplest and most direct way to accomplish this.

  • Log into your CloudFlare account and click Dashboards, at the top of the page

  • At the top right corner of your Dashboards page click Threat Control

  • In the Add Custom Rule box type an IP address, IP range, or country

  • Click Block +

This will add a new rule to your Block List which will deny visitors matching the rules you selected from reaching your domain. It will also prevent your cPanel from being accessed via the domain by blocked locations (in addition to the website itself).

The Apache Deny Directive

The Apache Deny directive allows you to block visitors from accessing your Linux server from a given IP address. Using this method in .htaccess will give you direct control over access to your server and can block unwanted visitors. Incorrectly used, however, it can have negative effects on your traffic and site performance.

Blocking a Country or Region with .htaccess Deny Rules

Although it is possible to block an entire region or country using this method, we very strongly recommend against it.

Using deny directives will cause Apache to check the entire list for matches on every single request, of which there may be dozens per single page load. This directly affects performance of your website and the server as a whole and may drastically slow things down.

Therefore, we discourage use of this technique unless there are compelling reasons to do so. If used, we ask that you strictly limit the number of IPs blocked.

Using a Combination of CloudFlare and .htaccess Rules

For this method to work, a CloudFlare account is required and it must be enabled for the domain you want to block traffic for. See here for more info about CloudFlare.

This option offers the most flexibility with the most convenience. CloudFlare has a feature enabled by default in which includes IP GeoLocation Headers in the requests for your site. These headers can be used to block regional access to different areas of your website by using .htaccess Deny rules. Here, for example, is .htaccess code for blocking traffic from India and the United States when visited through a domain using CloudFlare:

SetEnvIf CF-IPCountry IN BuzzOff=1
SetEnvIf CF-IPCountry US BuzzOff=1
Order allow,deny
Allow from all
Deny from env=BuzzOff

By editing this code to adding a line for any country you wish to block, and using the correct country code, you can effectively restrict access to different parts of your site or the site as a whole. A complete list of country codes may be found here.

By changing 'SetEnvIf CF-IPCountry IN BuzzOff=1' to 'SetEnvIf CF-IPCountry CN BuzzOff=1' you would block China instead of India, or by adding a third line, 'SetEnvIf CF-IPCountry CA BuzzOff=1', you could block Canada as well.

Blocking Specific IPs

If you already know a specific IP address you want to block, you can use the IP Deny Manager in cPanel to do so.

How to find out a visitor's IP address

Use the web statistics tools to find more information on your visitors. We suggest you go to cPanel and click the Latest Visitors icon. Look for the Host information; it could be an IP or a domain name.

How to block the IP address

  1. Log in to cPanel and click IP Deny Manager

  2. Under "Add an IP to deny" and enter IP address or domain name you wish to block

  3. Click the Add button

How to unblock the IP address

  1. Log in to cPanel and click IP Deny Manager

  2. At the bottom, under "Current IP addresses being blocked", click Remove

Deny All

You can also set an option for 'deny from all', which will deny everyone. This must be done by coding your .htaccess file as follows:

deny from all
allow from
allow from #my house

Note: it is possible to block access to yourself accidentally by using this method. 

Be sure to allow access via your IP otherwise you will be blocked as well. You can find out your current IP address by visiting the Find Your IP Address page. If you accidentally block yourself, please contact us. You will need to confirm your identity before we can unblock your IP.

(1 vote(s))
This article was helpful
This article was not helpful

Comments (0)
Post a new comment
Full Name:
Help Desk Software by Kayako fusion
ERROR: This domain name (, does not match the domain name in the license key file

For assistance with your license, please contact the Kayako support team: