Blocking EU users as a service

Discussion in 'Internet and Technology' started by \o/, May 4, 2018.

  1. doubt

    doubt Tazmanian

    4,455
    502
    +1,865
    Not cheap.


    Hobby:

    $ 9/month

    1 domain
    up to 10,000 visitors/month
    SSL encryption
    Email support

    Professional:
    $ 49/month

    3 domains
    up to 1M visitors/month
    SSL encryption
    Country-level analytics
    24/7 email & chat support

    Enterprise:
    $ 79/month

    5 domains
    up to 5M visitors/month
    SSL encryption
    Country-level analytics
    24/7 email & chat support
     
  2. \o/

    \o/ Aspirant

    33
    13
    +8
    Well, it would probably be cheaper (but more effort) to make your own blocker. It could even be made server-side to make it harder to circumvent it:

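    PHP:
    // geoip_country_code_by_name() (PECL geoip) returns ISO 3166-1 alpha-2 codes,
    // so Greece is "GR" and the United Kingdom is "GB".
    $disallowed_countries = ["BE", "BG", "CZ", "DK", "DE", "EE", "IE", "GR", "ES", "FR", "HR", "IT", "CY", "LV", "LT", "LU", "HU", "MT", "NL", "AT", "PL", "PT", "RO", "SI", "SK", "FI", "SE", "GB"];
    // Address of the connecting client as seen by the web server.
    $ip = $_SERVER["REMOTE_ADDR"];
    if (in_array(geoip_country_code_by_name($ip), $disallowed_countries)) {
        die("Your country does not want you to be here.");
    }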
    (Untested.)

    But for convenience, a ready-made JavaScript should also do the trick.
     
    Last edited: May 4, 2018
  3. Tracy Perry

    Tracy Perry Opinionated asshat

    5,024
    492
    +3,459
    Why worry about that when CSF can do it at the firewall level. Of course, if you are on shared hosting that could present a problem.
     
  4. we_are_borg

    we_are_borg Moderator

    4,381
    807
    +1,684
    You can block, but when you already have people of the EU in your system you still fall under GDPR. Also, if people use a proxy to access your site, again you fall under GDPR. The easiest way is to make sure you are GDPR compliant, and it does not have to cost so much. Also, if you want this you’ll need to pay for it as long as you have your site.
     
  5. baona119

    baona119 Participant

    89
    63
    +33
    This is what I find obscure. Have EU users become superior now? They come to my house despite not being welcome, then I fall under GDPR.
     
    • Also Wondering! x 2
  6. we_are_borg

    we_are_borg Moderator

    4,381
    807
    +1,684
    GDPR does not care whether your site is hidden or not; as long as it contains GDPR information you fall under it, as long as it's an EU person and the person is on, I think you say it, EU soil.
     
  7. Tracy Perry

    Tracy Perry Opinionated asshat

    5,024
    492
    +3,459
    They'd like to THINK that you do. As soon as I can start suing EU nation members in my local small claims court for tort actions then maybe we have something to talk about.
    Ironically I remember a nation going to war over something similar but involving taxation.

    And as I said in another post... I'm sure there is some vague law somewhere that prohibits bypassing security measures that are in place. Once your EU person bypasses that, they lose all GDPR "protection" rights they may have had.

    EDIT:
    BTW, for those interested and using CSF, the appropriate change consists of modifying the CC_DENY to
    Code:
    CC_DENY = "AT,BE,BG,HR,CY,CZ,DK,EE,FI,FR,DE,GR,HU,IE,IT,LV,LT,LU,MT,NL,PL,PT,RO,SK,SI,SE,GB"
    Due to the size of the block list, I would recommend it only on a dedicated server or a larger VPS.
     
    • Like x 1
    • Informative! x 1
  8. mysiteguy

    mysiteguy Devotee

    2,397
    887
    +1,648
    I've found country blocking to be faster using mod_maxmind versus the firewall, it's optimized specifically for it. Doesn't matter how big the country's IP block range is, it makes no impact on speed. Doing it via the firewall for countries like China, for instance, creates thousands of rules.
     
  9. mysiteguy

    mysiteguy Devotee

    2,397
    887
    +1,648
    False.

    https://gdpr-info.eu/recitals/no-23/ - GDPR says you have to target their users. A web site actively blocking EU users is certainly not targeting them, and is not responsible for people trying to circumvent the block.

    "In order to ensure that natural persons are not deprived of the protection to which they are entitled under this Regulation, the processing of personal data of data subjects who are in the Union by a controller or a processor not established in the Union should be subject to this Regulation where the processing activities are related to offering goods or services to such data subjects irrespective of whether connected to a payment. In order to determine whether such a controller or processor is offering goods or services to data subjects who are in the Union, it should be ascertained whether it is apparent that the controller or processor envisages offering services to data subjects in one or more Member States in the Union. Whereas the mere accessibility of the controller’s, processor’s or an intermediary’s website in the Union, of an email address or of other contact details, or the use of a language generally used in the third country where the controller is established, is insufficient to ascertain such intention, factors such as the use of a language or a currency generally used in one or more Member States with the possibility of ordering goods and services in that other language, or the mentioning of customers or users who are in the Union, may make it apparent that the controller envisages offering goods or services to data subjects in the Union."
     
    • Agree x 1
    • Informative! x 1
  10. we_are_borg

    we_are_borg Moderator

    4,381
    807
    +1,684
    I need to read it in my own language and look a few things up because of two things: how it's explained to me and how it's written.
     
  11. Tracy Perry

    Tracy Perry Opinionated asshat

    5,024
    492
    +3,459
    You can do the same if you use the geoip module in nginx. In fact, if you use CentMin Mod, you are already mostly there.
    Currently my pipe site should be returning a 403 error to any EU member country.
    And it looks to be working as this is using a proxy out of Germany.

    Screen Shot 2018-05-04 at 9.39.48 PM.png

    I'll modify a custom page to return later, reflecting that, due to their being in the EU and my disagreeing with their policy on who is subject to their control, citizens of those areas are not allowed membership.
    And it's done - nginx returns a 451 (which to me is an appropriate status return code), with a custom page being displayed that is pretty clear as to the why.
    If anyone in the EU would like to try it out, please do and see if it blocks you. This should also take quite a load off the server firewall blocking.

    And the cost involved... absolutely nothing. There is the load on the server HTTP process to deny the connection. I could have simply used a 444 return but rather "send a message" with the 451 return.
    While I was at it I did an additional one for China, Pakistan and India. They get the 444 return though.
     
    Last edited: May 4, 2018
  12. Matthew S

    Matthew S Adherent

    273
    87
    +174
    Stupid question from a non-European: is this a generally accepted list of GDPR country codes?

    I've been using ipset to manage CC blocking. It hashes the subnets and makes for one entry into iptables. Doesn't seem to have affected memory usage in any way that I've noticed. Most guides to ipset talk about patching and recompiling for kernel support. Debian (and Ubuntu I presume) has support in the mainstream kernel, so just need to install ipset.

    I do appreciate the tips on using nginx geoip and mod_maxmind. I didn't particularly want to firewall block Europeans as I'd still like to be able to receive email from them. :tup:
     
  13. Tracy Perry

    Tracy Perry Opinionated asshat

    5,024
    492
    +3,459
    Blocking via nginx is very easy.

    In your nginx.conf simply put
    Code:
    # Goes in the http block. Codes are ISO 3166-1 alpha-2; "no" marks a refused country.
    geoip_country /usr/share/GeoIP/GeoIP.dat;
    map $geoip_country_code $EU_no {
        default yes;
        AT no;
        BE no;
        BG no;
        HR no;
        CY no;
        CZ no;
        DK no;
        EE no;
        ES no;
        FI no;
        FR no;
        DE no;
        GR no;
        HU no;
        IE no;
        IT no;
        LV no;
        LT no;
        LU no;
        MT no;
        NL no;
        PL no;
        PT no;
        RO no;
        SK no;
        SI no;
        SE no;
        GB no;
    }
    Be sure that the geoip_country points to the actual location of the GeoIP.dat file.
    Then in the server section of your vhost config file place
    Code:
    if ($EU_no = no) {
        return 451;
    }
    You can use 444 as the return and it will drop the connection without notifying the user why, or you can create a custom HTML file and use it. You just have to define the file that you want it to point at in nginx.conf and then create it.
    Code:
    error_page 451 /451.html;
    will look for 451.html in the root domain directory.
     
    Last edited: May 5, 2018
    • Informative! x 1
  14. Pete

    Pete Flavours of Forums Forever

    1,773
    227
    +598
    I don't see Spain on the list (code ES)

    I also think it's really funny that in denying the EU zone from forums, you deny a larger audience than the entire US population...
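
An added example, not part of any post in this thread: a small Python check that a country block list (a CSF `CC_DENY` line or an nginx `map` block of the form shown above) lists exactly the 28 EU member states as of May 2018, reporting codes outside that set and members that were left out. The function names and the sample inputs are constructed for illustration.

```python
import re

# EU member states as of May 2018 (the thread's date), ISO 3166-1 alpha-2.
EU_2018 = frozenset(
    "AT BE BG HR CY CZ DK EE FI FR DE GR HU IE IT LV LT LU MT NL "
    "PL PT RO SK SI ES SE GB".split()
)
# EU institutions write EL for Greece and UK for the United Kingdom;
# GeoIP lookups return the ISO codes GR and GB instead.
EU_ALIASES = {"EL": "GR", "UK": "GB"}


def codes_from_csf(line):
    """Codes from a csf.conf style line: CC_DENY = "AT,BE"."""
    m = re.search(r'CC_DENY\s*=\s*"([^"]*)"', line)
    if not m:
        return []
    return [c.strip().upper() for c in m.group(1).split(",") if c.strip()]


def codes_from_nginx_map(block):
    """Codes mapped to "no" inside an nginx map { ... } block."""
    return re.findall(r"^[ \t]*([A-Z]{2})[ \t]+no[ \t]*;", block, flags=re.M)


def lint(codes, expected=EU_2018):
    """Return codes outside `expected` (with an ISO suggestion when one is
    known) and expected codes that the list leaves out."""
    seen = set(codes)
    return {
        "unexpected": {c: EU_ALIASES.get(c) for c in sorted(seen - expected)},
        "missing": sorted(expected - seen),
    }


# Constructed inputs with deliberate slips; not taken from a live config.
SAMPLE_CSF = 'CC_DENY = "AT,BE,DE,EL,FR,PO,UK"'
SAMPLE_MAP = """
map $geoip_country_code $EU_no {
    default yes;
    AT no;
    PO no;
    GB no;
}
"""

if __name__ == "__main__":
    print("csf", lint(codes_from_csf(SAMPLE_CSF)))
    print("nginx", lint(codes_from_nginx_map(SAMPLE_MAP)))
```

A code that appears under "unexpected" with no suggestion is simply not in the EU-28 set; it may be a typo or a deliberate extra country, so the report is a prompt to review rather than an automatic fix.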
     
  15. Tecca

    Tecca Fan

    789
    367
    +435
    That's true, but audience size doesn't matter all the time. Like in my case, EU users make up very little in terms of revenue. Most of my profit comes from the US.

    The quality from EU is certainly better than, say, India, but if we're blocking due to business/monetary reasons, it's not a big deal for a lot of smaller US-based sites.

    Now if the site is meant to be something informative to the world, like Wikipedia, I'd think it's silly to block and they should certainly work with the new laws.
     
  16. mysiteguy

    mysiteguy Devotee

    2,397
    887
    +1,648
    Depends on your site traffic. I've had some topics which receive less than 2% of their traffic from the EU.
     
  17. Pete

    Pete Flavours of Forums Forever

    1,773
    227
    +598
    Sure, the audience is relevant, I just think it's funny, but I'm biased as I'm in the EU.
     
  18. Tracy Perry

    Tracy Perry Opinionated asshat

    5,024
    492
    +3,459
    Missed it (was late and was playing Fallout 4 when I did the nginx change) but it's added in.

    Yeah, you may miss users... but sometimes when you stand up for something you believe in there is a loss.
    But I've also got a feeling you may find more and more smaller sites doing this very thing. It's apparently GDPR compliant - as it's readily apparent you are NOT pursuing any EU member states citizens since you are making an attempt to prevent their connecting to your site. Since you are not actively pursuing them, they have no dog in the hunt.

    What is "bad" for me is that several of those countries have a long, rich history in tobacco and tobacco pipes (Ireland, Great Britain, France, Denmark, and Belgium just to name a few) so I could be missing out on some good content creators joining.
     
  19. Pete

    Pete Flavours of Forums Forever

    1,773
    227
    +598
    Personally I believe that users should have control of their data, rights to their privacy, and appropriate controls enshrined in law to protect these.

    I'm in the EU and I believe in the spirit of the law and what it aims to do. You're right, sometimes there is a loss when you fight for something you believe in. I'm prepared to lose my time to defend the rights of the users who give me their data.

    Here's another thought if you're planning on blocking the EU: it encourages creation of competition from the EU where they're compliant and embracing audiences inside and outside the EU.
     