How To Keep a Web Site Local?

← Back to Stories (view on slashdot.org)

How To Keep a Web Site Local?

Posted by kdawson on Tuesday March 10, 2009 @07:02PM from the first-ban-google dept.

Cornwallis writes "The universal accessibility of the Internet is one of its attractions. But what do you do when you don't want your board to be Slashdotted? Back in the day it was great to run a local BBS where friends and neighbors could dial in using their 9600-baud modems to pick up mail or share games or stories. Now, my Web-based board gets slammed by people from all over the world who have no reason to access it, can't possibly take advantage of the locally focused services it offers, and generally take up my time because I have to block their accounts or explain to them why they can't have access. This despite the fact that the board explains quite clearly that it is for local use only and couldn't possibly be of interest to them. Other than putting thousands of entries in my hosts file to block IP ranges, what options do I have to restrict access to locals only? Or isn't that feasible?"

31 of 297 comments (clear)

.htaccess by Norsefire · 2009-03-10 19:05 · Score: 5, Informative

order allow,deny
deny from all
allow from iprange
allow from iprange
allow from iprange
etc. etc.

There are websites all over the internet that allow you to do country-by-IP-range lookups.

You could also do;

ErrorDocument 403 "Sorry, this website is only available to people living in .

(Yes, no final quotation mark).

Or don't worry, what does it hurt if people who aren't benefiting from a website visit it?
1. Re:.htaccess by Anonymous Coward · 2009-03-10 19:10 · Score: 5, Funny
  
  ErrorDocument 403 "Sorry, this website is only available to people living in .
  Or "This is a local website for local people. There's nothing for you here."
  
  Or don't worry, what does it hurt if people who aren't benefiting from a website visit it?
  They covet the precious things.
2. Re:.htaccess by fractoid · 2009-03-10 19:26 · Score: 4, Funny
  
  Or "This is a local website for local people. There's nothing for you here."
  Thankyou! I was hoping someone would say this. ;) Bad login attempts should lead to an error page saying "What's all this shouting? We'll have no trouble here!"
  
  --
  Rampant carbon sequestration destroyed the Dinosaurs' tropical paradise. I'm here to help repair the damage.
3. Re:.htaccess by Anonymous Coward · 2009-03-10 19:39 · Score: 5, Informative
  
  For any Americans wondering what their mad cousins, from across the pond, are talking about: http://www.youtube.com/watch?v=zOGAAlHzF4o
4. Re:.htaccess by Haeleth · 2009-03-10 21:10 · Score: 3, Insightful
  
  There are websites all over the internet [google.com] that allow you to do country-by-IP-range lookups.
  You could also do;
  ErrorDocument 403 "Sorry, this website is only available to people living in .
  And then brace yourself, because you're going to get an earful from the next local person who tries to catch up with her friends back home while she's on holiday, only to be told that she's banned because she's "not local".
5. Re:.htaccess by andy.ruddock · 2009-03-10 22:19 · Score: 5, Informative
  
  Or allow access to all registered users, but only allow "local" access to the signup page.
  
  --
  God: An invisible friend for grown-ups.
6. Re:.htaccess by cbiltcliffe · 2009-03-11 00:44 · Score: 3, Funny
  
  Or "This is a local website for local people. There's nothing for you here."
  You are in a maze of twisty little web pages, all alike.
  
  --
  "City hall" in German is "Rathaus" Kinda explains a few things......
7. Re:.htaccess by JWSmythe · 2009-03-11 00:53 · Score: 4, Funny
  
  I'm on the 10.0.0.0 network, you insensitive clod! :)
  
  --
  Serious? Seriousness is well above my pay grade.
8. Re:.htaccess by jsiren · 2009-03-11 02:04 · Score: 4, Funny
  
  iptables -A INPUT -s ! 127.0.0.0/8 -j DROP
  That should keep those pesky non-locals out. ;)
  There, fixed that for you.
  
  --
  Usage: km/h for speed (kilometers per hour); kph for very slow impulses (kilopond hours).
Good question, but... by Anonymous Coward · 2009-03-10 19:06 · Score: 5, Funny

...I doubt Slashdot can make a good assessment without taking a look at the site. Mind posting the URL?
1. Re:Good question, but... by MichaelSmith · 2009-03-10 20:30 · Score: 4, Funny
  
  I'll ask 4chan to help. Looks like a big job.
  
  --
  http://michaelsmith.id.au
Why use a tech solution? by Macthorpe · 2009-03-10 19:08 · Score: 3, Informative

Get some paper, pin it up around the neighbourhood with a private key. Ensure that people can't create an account or access the boards without the private key.
Am I missing something? Why use an overly technical solution when some paper and pens will fix the whole thing?

--
"It does not do to leave a live dragon out of your calculations, if you live near him." - Tolkien
1. Re:Why use a tech solution? by jschen · 2009-03-10 19:15 · Score: 4, Insightful
  
  I agree that this probably should not be solved purely on the technology end of things. One of the great things about the Internet is that one can access things from most anywhere. Your website may cater to locals, but you need to consider the possibility that someone who is generally local to the area but currently elsewhere might want to access the site. That's a pretty serious problem for filtering based on geography.
2. Re:Why use a tech solution? by Jurily · 2009-03-10 20:27 · Score: 5, Insightful
  
  That's a pretty serious problem for filtering based on geography.
  No kidding. Basically, anyone who thinks geography-based filtering is a good idea should be shot. Imagine moving 2000 miles, then being told by some braindead webdesigner you can't talk to your friends anymore.
3. Re:Why use a tech solution? by 1u3hr · 2009-03-10 21:20 · Score: 5, Interesting
  
  No kidding. Basically, anyone who thinks geography-based filtering is a good idea should be shot. Imagine moving 2000 miles, then being told by some braindead webdesigner you can't talk to your friends anymore.
  Happens to me a lot. I'm in Hong Kong. I find some US ISPs (like AOL) bounce my mail solely based on my location. And much media (even some on Youtube) is blocked geographically. Even some porn sites block me.... And other sites insist on giving me Chinese versions of their web pages, with no option to choose English. Highly irritating to go to Google.com and find myself redirected to Google.com.hk. (Yes, I have workarounds now, still annoying.)
Link plz by Anonymous Coward · 2009-03-10 19:09 · Score: 3, Funny

Give us a link to the board, we need to have a look at it before we can properly assess the best way to 'keep it local'.
Why you gotta be like that? by QuantumG · 2009-03-10 19:20 · Score: 5, Interesting

You have no idea what is of use to other people. Maybe they're thinking of visiting your local area. Maybe they have friends that live there. Maybe they're thinking of setting up a similar board for their own area and want to know how yours is going. Put down your ego for a minute.

--
How we know is more important than what we know.
local knowedge by 1u3hr · 2009-03-10 19:39 · Score: 5, Insightful

We have a forum for our village.
A couple of years ago we started to get a lot of people signing up from China, India, Russia etc and then posting spam. So now, to register with the forum you have to answer a question that requires you have some local knowledge. That gets rid of most automatic signups. And secondly, the accounts are not activated automatically but have to be approved by an administrator. So we delete those with spammy URLs in their signatures ("Buy WOW gold" seems to be a common variety). In a small community, the number of real local people siging up is a few per week. Maybe a couple of spammers get past that in a month, and then their posts and accounts are quickly deleted.
1. Re:local knowedge by Richard+Fairhurst · 2009-03-11 02:17 · Score: 3, Informative
  
  I run our town website. 1,000 registered users but very, very little spam - over seven years I think I can count the amount of spam from China and Russia on the fingers of one hand.
  Two reasons. One: a completely bespoke system, hand-crafted from finest dodgy Perl and inefficient SQL. Put simply, if you're not running phpBB or something well-known like that, they're simply less likely to find you. These guys search for phrases like "powered by punBB" to find targets.
  Two: postings in the news, events and ad sections require approval before they go live. Postings in the forum don't - but you can only get access to the forum by clicking through a JavaScript "I agree not to be a dick" page, which sets a cookie (yeah, I know, accessibility yadda yadda). So, again, they're less likely to find it because it doesn't show up on Google. (Oh yeah, not having frickin' Googlebot hammer the server is a plus, too.)
  I realise this isn't an option for everyone, but the OP sounds reasonably tech-savvy so should be able to do similar.
Re:Easier option by X0563511 · 2009-03-10 20:09 · Score: 4, Insightful

Best to only apply this restriction to account creation. Requiring them to be local when they make the account is entirely understandable, but blocking them from logging in while traveling is not.

--
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
You can automate it by an.echte.trilingue · 2009-03-10 20:12 · Score: 4, Informative

While it does involve having thousands of addresses, this kind of thing is pretty easy to automate, given what your goals are. For example, I use this tool to determine which country my visitors are in and display the relevant contact information (show the French address to people in France, the Belgian one to people in Belgium, etc). I have a cron job set up to update the database once a week; it is fully automatic and very reliable.

If you need to be more specific, this guy has a php class that can supposedly give you information as specific as city, or you can write your own using the db you can download here, although I can't personally vouch for either. You could also parse the hostnames in your server and only allow service providers in your area.

Also, google code has a really good tutorial for a client side application if your server is limited in its capabilities.

Either way, it sounds from the summary like you have access to a database of ip address ranges you want to allow. Just set up a cron job to download it and parse it.

--
weirdest thing I ever saw: scientology advertising on slashdot.
Re:Who are locals? by Z00L00K · 2009-03-10 20:20 · Score: 4, Informative

Have a credibility check page - like checking if someone knows about a local detail that's known by the locals.
"What was the color of the church at Elm Street before 2004?"
And you may want to be careful with IP address filtering since that can result in unexpected disadvantages when a local is out traveling.

--
If builders built buildings the way programmers wrote programs, then the first woodpecker would destroy civilization.
Callback/SMS by hab136 · 2009-03-10 20:25 · Score: 3, Interesting

One previously common method of authentication was call-back. You give the site your phone number, then then site calls you (and you press a digit, or answer with your modem).
Nowadays the equivilent is SMS. When they sign up, have them put in their cell number to receive an SMS, then require them to enter that code to continue. You can send SMSes via email for most carriers, so no equipment on your end. Only allow SMSes to your area code and local carriers. For people without cell phones, have them enter their landline phone number and then have a human call them.
People travel. by Futurepower(R) · 2009-03-10 20:27 · Score: 3, Insightful

Yes, exactly: "... you may want to be careful with IP address filtering since that can result in unexpected disadvantages when a local is out traveling."

Don't expect that your users stay in one place.

Do expect that they sometimes travel to other countries.
1. Re:People travel. by azaris · 2009-03-10 20:50 · Score: 5, Funny
  
  Don't expect that your users stay in one place. Do expect that they sometimes travel to other countries.
  I was going to suggest this, then realized his users are likely to be Americans.
2. Re:People travel. by WindBourne · 2009-03-11 00:48 · Score: 3, Insightful
  
  Do expect that they sometimes travel to other countries.
  I was going to suggest this, then realized his users are likely to be Americans. The funny thing is, that this is true of all large countrys citizens that do not live near a border. For example, how many ppl in France, German, or even England go into Africa? Or America? Or Australia? All of the Michigan , Wisconson, Minnesota folks I know HAVE been into Canada. Likewise, all the West Texas, NM, Southern CO, AZ, Southern Nevada, Southern CA ppl that I know have also hit Mexico. The ppl that have never been out of the country tend to be those in the middle. Of course, they have all traveled more than 1000KM away. And the simple fact is, that for us Coloradoans, we see major cultural differences . The difference between a West Canadian vs East Candian has about the same difference; Love their country, but different mind sets.
  
  What is funny, is that it get the average EU person to travel similar differences would mean that they travel from Western europe into just east of middle Africa, or that they go into the middle east, OR that they go into central africa. How many do that? Damn few. And South Americans do even less traveling.
  
  --
  I prefer the "u" in honour as it seems to be missing these days.
Re:Hmmm.... by davmoo · 2009-03-10 20:32 · Score: 4, Insightful

And it sounds like you've never had to pay for things like bandwidth and server space out of your own pocket. Maybe he wants to keep it small because that's what he can afford. Information may want to be free, but the infrastructure to host it never is.

--
I want a new quote. One that won't spill. One that don't cost too much. Or come in a pill.
A few issues by Canazza · 2009-03-10 22:13 · Score: 4, Informative

Your local audience may leave the area (either on holiday or to live) but still want to talk to people back home. This means that blanket IP Range blocking is out of the question.
What I suggest is restrict viewing the website to people who are logged in. A default splash page for those not logged in could be shown that's minimal in graphics and text, containing just the log-in form and a 'register here'.
To stop unwanted people registering a new account, you could to a blanket IP ban on the registration page ONLY, meaning that a local person can register at home, and then roam to wherever and still access the site.
someone mentioned earlier this library for blocking a range of IP's by country and this PHP class that can do it too.
Just use them on the registration page and set up a redirect for those who are not logged in (regardless of location) and you should have a nice walled in forum.

--
It pays to be obvious, especially if you have a reputation for being subtle.
Information wants to be free by Anonymous Coward · 2009-03-10 22:32 · Score: 5, Funny

Copyright doesn't exist. You don't have the rights to keep your information for yourself. You MUST share it with all us and everybody as the rights to copy and use it.
or so I have been told here on slashdot.
PS. Apple users suck.
Re:Easier option by Anonymous Coward · 2009-03-10 22:46 · Score: 5, Funny

Best to only apply this restriction to account evolution.
Fixed that for y... wait, what?
Re:Non-local trolling would be blocked? by PIBM · 2009-03-11 00:27 · Score: 3, Interesting

The easy solution would be to only apply the limitation on account creation. Just have to prove once that you live in the area!