How to Whitelist / Blacklist a Full Country ?

This guide explains how to whitelist or blacklist entire countries in cPFence. You can manage these settings either through the command line or by editing the configuration file, which is useful for deploying bulk settings across multiple servers.

Tip: You can find the correct ISO codes at ISO 3166-1 alpha-2.

Part 1: From CLI ( Command Line Interface )

Whitelist a Country

To add a country to the whitelist, use the following command:

cpfence --whitelist-country ISOCODE

Replace ISOCODE with the two-letter ISO code of the country, e.g., us for the United States.

Blacklist a Country

To add a country to the blacklist, use the following command:

cpfence --blacklist-country ISOCODE

Replace ISOCODE with the two-letter ISO code of the country, e.g., cn for China.

Remove Country from Whitelist

To remove a country from the whitelist, use the following command:

cpfence --del-whitelist-country ISOCODE

Replace ISOCODE with the ISO code of the country, e.g., us.

Remove Country from Blacklist

To remove a country from the blacklist, use the following command:

cpfence --del-blacklist-country ISOCODE

Replace ISOCODE with the ISO code of the country, e.g., cn.

 

Part 2: From Configuration File

For bulk country settings deployment across multiple servers, you can edit the configuration file directly. This method is useful for configuring block or whitelist settings on several servers simultaneously. Simply edit the configuration file, overwrite it on all your servers, and then run the command cpfence --restart. That's all you need to do.

Editing the Configuration File:

Blocked Countries:

Add the ISO codes of the countries you want to block under the line

# BLOCKED COUNTRIES : (DO NOT DELETE THIS LINE! - Your blocked countries should go below this line).

For example:

BLOCKED_COUNTRY=cn
BLOCKED_COUNTRY=ru

Whitelisted Countries:

Add the ISO codes of the countries you want to whitelist under the line

# WHITELISTED COUNTRIES : (DO NOT DELETE THIS LINE! - Your whitelisted countries should go below this line).

For example:

WHITELISTED_COUNTRY=us
WHITELISTED_COUNTRY=fr

Applying Changes:

After editing the configuration file, You must restart the cPFence service to apply the changes:

cpfence --restart

------------

Important Notes

  • Managing countries via the command line is recommended as it automatically updates the corresponding files.
  • Only use the edit configuration file method on new servers or servers where you're okay with resetting the IP settings.
  • Whitelisted countries will bypass all IPDB/DDoS protections, so whitelist with caution.
 
 
  • 0 Els usuaris han Trobat Això Útil
Ha estat útil la resposta?

Articles Relacionats

How to use cPFence IPDB / DDoS Module ?

cPFence provides robust tools for managing IP databases (IPDB) and protecting against DDoS...

How to Whitelist / Blacklist an IP ?

This guide explains how to manage IP addresses by adding them to the whitelist or blacklist in...

How to Fix Bulk IP Blacklisting or Whitelisting Issues in cPFence?

If you're facing issues when attempting to bulk blacklist or whitelist IPs in cPFence, the most...

Am I Under a DDoS Attack? I See Hundreds of GET Requests in the Logs

If you're noticing hundreds of GET requests in your logs, it's important to understand that this...

How to Check the Status of an IP in cPFence?

cPFence allows you to quickly check the current state of an IP address to see if it has been...