Blocking Country Website Access Coming in New Sueetie Addon Pack

There are several good reasons to block access to your website.  It could be that it is being hit with malicious attacks from sources in a particular country, or because of Intellectual Property concerns, licensing restrictions, whatever.  I’ve been employing country blocking at Sueetie.com for several months, but have never had a distributable offering in Sueetie until now in the Client Access Control module, available in the upcoming Sueetie Addon Pack.

I’ll discuss the technical details of Sueetie Client Blocking in a future post.  For now, we’ll suffice to say that country blocking is based on originating IP address.  Several good services both free and commercial provide IP Geo-Location lookup data.  The Sueetie Client Access Control Module imports IP geo-location data (in CIDR format) and stores it as a series of IpStart-IpEnd ranges.  The client originating IP is then tested for falling in any of the blocked IP ranges in a Sueetie Addon Pack HttpModule.  If it does, the client is blocked and returned a 404 response.

That’s how Sueetie Client Blocking works in a nutshell.  Let’s look at a few screenshots.  Like I said, we’ll go deeper into the mechanics another time.

Here’s the Client Access Control Main Menu in the updated Sueetie Administration Addons Area. We can select countries to block, we can update the IP range data for those countries, we can add and remove countries from the system, enter IP blocks manually, and check whether a specific IP is blocked or not.

Here we see the Block Access by Country page where we can select countries we wish to block.  The countries listed are the default that come in the Addon Pack. 

The next page isn’t very sexy, but it’s the most important one because it updates the IP data for the countries we are blocking.  IP geo-location data is not a static thing, so it’s important to update the blocked IP ranges on a regular basis.  I’ve made that process real easy as you see here and in the technical info coming shortly.

Here we can add or remove countries from the system.

You may have the need to enter IP Ranges manually, and this is the page to do it.

For testing purposes you can check if a specific IP is being blocked.

This is one of those more technical items that I couldn’t resist mentioning.  The IP data importing and updating functions can take some time to process.  To give you an idea, to import IP data for the eleven countries shown above would take around 60 seconds.  I started with a cool "processing…" animated GIF, but decided to move the import and update processes to a background task rather than make anyone have to wait, especially me!  So the UI response to importing and updating is instant and when the process is complete the results are displayed in the Event Log you see below.

There’s more coming on Client Blocking.  Besides blocking client based on location, we’ll also be blocking by user agent.  There’s also analysis of traffic which I hope makes it into the Addon Pack.  So as usual, stay tuned.

Article written by

A long time developer, I was an early adopter of Linux in the mid-90's for a few years until I entered corporate environments and worked with Microsoft technologies like ASP, then .NET. In 2008 I released Sueetie, an Online Community Platform built in .NET. In late 2012 I returned to my Linux roots and locked in on Java development. Much of my work is available on GitHub.