How To Block a Country in CloudFlare

As traffic is the driving force behind any website, the owners usually welcome a surge in the number of its visitors. However, these surges can sometimes be caused by hackers and bots. As the website administrator, you can typically trace these attacks back to specific countries. If the traffic from these countries isn’t relevant to your website’s operation, blocking them is the best option. This way, you’ll safeguard your website and protect visitors from harm.

If you’re unsure how to do this, you’ve come to the right place. Keep reading to learn how to block a country using Cloudflare.

Why Block a Country From Your Website

Security is the most common reason for blocking users from visiting your website. Every website is somewhat vulnerable to malicious traffic and security attacks. The most frequent attacks are:

• XSS attacks, which can compromise the website users’ private information.
• DDoS attacks, which render a website offline temporarily or permanently.
• Phishing attacks, which can compromise the website users’ sensitive information.
• Injection attacks, which target the server’s database directly and reveal user inputs and hidden data.
• Directory traversal attacks, which can compromise the website’s access, databases, and configuration files.

If most of these attacks come from one or more specific countries, blocking them will save you and your website a lot of trouble.

Another reason for geo-blocking is having a country-specific website. Let’s say you own an online shop that only caters to people living in one country. If that’s the case, blocking other countries can protect your server resources from being depleted by traffic that serves no purpose.

Finally, copyright, licensing terms, and other legal obligations might require blocking particular countries from accessing the content on your website.

How to Know Which Countries to Block

Although conversations about cyber-attacks mostly revolve around China and Russia, every website is different. There’s no need for any guesswork, as you can quickly check the site analytics to determine where the threats are coming from.

1. Log in to your Cloudflare account.
   
2. Select the domain whose analytics you want to check at the top of your page.
   
3. Tap the “Analytics” icon from the list of blue icons at the top of the page.
   
4. Go to the “Security” tab.
   
5. Navigate to the “Threats by Country” panel.
   

This panel is an interactive map highlighting the countries where your website’s threats originated. The Cloudflare Firewall provides most of the metrics for this tab.

To see where most attacks come from, check the “Top Threat Countries/Regions” data table.

Cloudflare How to Block a Country

There are several ways to block a country from your website, including using ModSecurity or .htaccess files. However, if you don’t have access to your web server, using the Cloudflare Firewall might come in handy.

For this method to work, you must have a Cloudflare account. Additionally, the account must be enabled for the domain you want to block traffic for. Finally, the geo-blocking feature works best if you are on the Enterprise plan.

Once you’re all set, blocking a country on Cloudflare using the integrated Firewall feature is relatively simple:

1. Log in to your Cloudflare account.
   
2. If you own multiple domains, select the domain you want this rule to apply to at the very top of the page.
   
3. Click on the “Security” icon from the list at the top of your page.
   
4. Tap the “Firewall Rules” tab.
   
5. Press the blue “Create a Firewall Rule” button.
   
6. Type a descriptive name in the “Rule Name” field, e.g., “Block Bad Countries.”
   
7. Navigate to the “When incoming requests match…” section.
   
8. Under “Field,” select “Country.”
   
9. Once the remaining fields in the section are no longer greyed out, set the “Operator” field to “is in.”
   
10. Tap the “Value” tab to display a list of countries.
    
11. Select each country you want to block from accessing your website.
    
12. Click the “Or” button next to the list of countries.
    
13. Go to the “Then…” section.
    
14. Under “Choose an action,” select “Block.”
    
15. Once you’ve set all the countries, hit the “Deploy” button.
    

The Firewall rule has now been created. Any traffic coming from the countries you’ve selected will be blocked.

However, the set rule is not finite. You can always edit it to add or remove a country. Here’s what to do:

1. Navigate to the “Firewall Rules” tab.
   
2. Scroll down to the list of rules.
   
3. Tap the wrench icon on the right of the rule you want to edit.
   
4. Go to the “Value” field under the “When incoming requests match…” section.
   

To block a new country, tap the “Value” field and select the country from the drop-down list. If you’d like to unblock a country, simply tap the “x” sign next to its name.

Once you’re satisfied with the updated list, hit “Save” in the bottom-right corner of your screen.

If you’d like to block traffic from specific countries periodically, you can make a separate rule for them. Then, whenever you want to unblock the countries, you can toggle the button next to the wrench icon off. This deactivates the Firewall rule until you choose to toggle it back on.

In addition, you can also delete a rule altogether if you don’t need it anymore. Just press the “x” button on the far right side of the rule’s names.

How to Ensure the Firewall Is Working

If you’re unsure whether you’ve set the Firewall rule properly, you can check the Firewall statistics periodically. Here’s what to do:

1. Tap the “Security” icon from the list at the top of your page.
   
2. Go to the “Overview” tab.
   
3. Scroll down to the “Activity log.”
   

Under the “Activity log,” you can see the following tabs:

• Date
• Action taken
• Country
• IP address
• Service

You can look for the countries you’ve blocked under the “Country” tab. If you’ve successfully blocked that country, the “Action taken” tab next to it will display “Block.”

Safety First

Protecting a website from malicious bots and hackers is the primary reason administrators consider blocking a country from their website. Whether or not you’re looking into geo-blocking for the same reason, Cloudflare offers you a simple way to accomplish your goals.

The best aspect of using a Firewall is knowing that it doesn’t affect your website and its traffic in any harmful way. It simply blocks requests coming from unwanted countries before they can cause a problem.

Have you had issues with cyber-attacks on your website? How did you deal with them? Let us know in the comments section below.