Question
How to allow access from one country only to the server using Imunify360?
Solution
In order to allow access only from one country only, it is required to blacklist all other country codes.
- It is possible to achieve this by using the following command (the example below for allowing Malaysia only).
- To add every country code to the blacklist (pay attention that Malaysia is specified as an exclusion):
# imunify360-agent blacklist country add $(echo "select code from country WHERE code != 'MY'" | sqlite3 /var/imunify360/imunify360.db)
Country codes can be found using this tool.
NB! The above command may take some time to complete.
NB! Be warned that such total country blocks do not always work as expected, as BGP routing to the CDN Data Centers may not work as straightforwardly as implied. For example, it is often the case that the server might be unexpectedly unavailable from the adjacent countries or DNS servers cannot be reached due to global routing changes.
- Therefore if you have doubts about whether your country can be blocked as an adjacent one or some crucial internet services like DNS, DHCP or NTP will not be reached from a whitelisted country or subnet, consider adding exclusions for example as per:
# imunify360-agent blacklist country add $(echo "select code from country WHERE code != 'MY' AND code != 'SG'" | sqlite3 /var/imunify360/imunify360.db)
Comments
0 comments
Please sign in to leave a comment.