Иногда требуется запретить доступ к сайту с внешних (небелорусских) адресов. Приведенные ниже способы запрещают доступ из всех сетей, кроме белорусских.
Для этого откройте в текстовом редакторе файл .htaccess, расположенный в корневом каталоге вашего сайта, и добавьте в его начало следующее содержимое, в зависимости от ваших потребностей.
Способ 1. Полный запрет доступа из небелорусских сетей.
order deny,allow
allow from 82.209.192.0/18
allow from 86.57.128.0/17
allow from 93.84.0.0/15
allow from 178.120.0.0/13
allow from 194.158.192.0/19
allow from 194.226.120.0/22
allow from 194.226.124.0/23
allow from 193.232.248.0/22
allow from 37.45.0.0/16
allow from 37.44.64.0/18
allow from 37.212.0.0/14
allow from 31.24.88.0/21
allow from 31.130.200.0/21
allow from 46.28.96.0/21
allow from 46.53.128.0/17
allow from 46.56.0.0/16
allow from 46.182.48.0/21
allow from 46.175.168.0/21
allow from 46.191.0.0/17
allow from 46.216.0.0/16
allow from 77.74.32.0/21
allow from 79.170.104.0/21
allow from 79.98.48.0/21
allow from 80.249.80.0/20
allow from 80.94.160.0/20
allow from 80.94.224.0/20
allow from 81.25.32.0/20
allow from 81.30.80.0/20
allow from 84.201.224.0/20
allow from 87.252.224.0/19
allow from 91.149.128.0/18
allow from 91.187.0.0/19
allow from 91.220.250.0/24
allow from 91.215.176.0/22
allow from 93.125.0.0/17
allow from 93.191.96.0/21
allow from 95.128.64.0/21
allow from 95.130.80.0/21
allow from 109.126.128.0/18
allow from 109.232.112.0/21
allow from 128.65.0.0/18
allow from 128.140.240.0/20
allow from 176.60.0.0/16
allow from 178.154.0.0/17
allow from 178.159.240.0/21
allow from 178.163.128.0/17
allow from 178.168.128.0/17
allow from 178.172.128.0/17
allow from 178.238.0.0/20
allow from 193.17.173.0/24
allow from 193.58.255.0/24
allow from 193.151.40.0/22
allow from 193.232.92.0/24
allow from 195.50.0.0/19
allow from 195.137.180.0/24
allow from 195.222.64.0/19
allow from 212.98.160.0/19
allow from 213.184.224.0/19
allow from 217.21.32.0/19
allow from 217.23.112.0/20
allow from 134.17.0.0/16
allow from 164.177.224.0/19
allow from 37.17.0.0/17
allow from 178.172.235.0/24
allow from 178.172.236.0/24
allow from 93.171.104.0/21
allow from 93.171.112.0/21
allow from 93.171.120.0/21
allow from 164.177.192.0/19
allow from 176.118.152.0/21
allow from 194.62.64.0/24
allow from 95.46.200.0/21
allow from 95.46.208.0/20
allow from 5.100.192.0/19
allow from 77.67.192.0/18
allow from 93.189.224.0/21
allow from 195.137.160.0/24
allow from 193.26.18.0/24
allow from 193.105.82.0/24
allow from 185.6.24.0/22
allow from 185.11.76.0/22
allow from 185.12.212.0/22
allow from 77.67.128.0/18
deny from all
Способ 2. Запрет отдачи небелорусским посетителям только файлов с определёнными расширениями.
order deny,allow
allow from 82.209.192.0/18
allow from 86.57.128.0/17
allow from 93.84.0.0/15
allow from 178.120.0.0/13
allow from 194.158.192.0/19
allow from 194.226.120.0/22
allow from 194.226.124.0/23
allow from 193.232.248.0/22
allow from 37.45.0.0/16
allow from 37.44.64.0/18
allow from 37.212.0.0/14
allow from 31.24.88.0/21
allow from 31.130.200.0/21
allow from 46.28.96.0/21
allow from 46.53.128.0/17
allow from 46.56.0.0/16
allow from 46.182.48.0/21
allow from 46.175.168.0/21
allow from 46.191.0.0/17
allow from 46.216.0.0/16
allow from 77.74.32.0/21
allow from 79.170.104.0/21
allow from 79.98.48.0/21
allow from 80.249.80.0/20
allow from 80.94.160.0/20
allow from 80.94.224.0/20
allow from 81.25.32.0/20
allow from 81.30.80.0/20
allow from 84.201.224.0/20
allow from 87.252.224.0/19
allow from 91.149.128.0/18
allow from 91.187.0.0/19
allow from 91.220.250.0/24
allow from 91.215.176.0/22
allow from 93.125.0.0/17
allow from 93.191.96.0/21
allow from 95.128.64.0/21
allow from 95.130.80.0/21
allow from 109.126.128.0/18
allow from 109.232.112.0/21
allow from 128.65.0.0/18
allow from 128.140.240.0/20
allow from 176.60.0.0/16
allow from 178.154.0.0/17
allow from 178.159.240.0/21
allow from 178.163.128.0/17
allow from 178.168.128.0/17
allow from 178.172.128.0/17
allow from 178.238.0.0/20
allow from 193.17.173.0/24
allow from 193.58.255.0/24
allow from 193.151.40.0/22
allow from 193.232.92.0/24
allow from 195.50.0.0/19
allow from 195.137.180.0/24
allow from 195.222.64.0/19
allow from 212.98.160.0/19
allow from 213.184.224.0/19
allow from 217.21.32.0/19
allow from 217.23.112.0/20
allow from 134.17.0.0/16
allow from 164.177.224.0/19
allow from 37.17.0.0/17
allow from 178.172.235.0/24
allow from 178.172.236.0/24
allow from 93.171.104.0/21
allow from 93.171.112.0/21
allow from 93.171.120.0/21
allow from 164.177.192.0/19
allow from 176.118.152.0/21
allow from 194.62.64.0/24
allow from 95.46.200.0/21
allow from 95.46.208.0/20
allow from 5.100.192.0/19
allow from 77.67.192.0/18
allow from 93.189.224.0/21
allow from 195.137.160.0/24
allow from 193.26.18.0/24
allow from 193.105.82.0/24
allow from 185.6.24.0/22
allow from 185.11.76.0/22
allow from 185.12.212.0/22
allow from 77.67.128.0/18
deny from all
Способ 3. Наконец, сложный способ, который запрещает иностранцам обращения к определённым страницам, а также определённые запросы в URI.
В данном случае ошибку 403 получат небелорусские пользователи, которые обращаются к сайту с запросами вида:
http://example.com/forum.html
http://example.com/component/users/?view=something
http://example.com/something/?some=register
http://example.com/index.php?some=registration
Здесь используется переменная env, которой присваивается значение denied, если выполняется любое из условий запрета. Для фильтрации запроса после вопросительного знака используется перенаправление с присваиванием временной переменной Reg значения 1. В приведённом примере фильтр реагирует на строку regist.
Замените соответствующие страницы, пути и строки совпадения на свои, в соответствии с вашими потребностями.
SetEnvIf Request_URI ^/forum\.html$ denied
SetEnvIf Request_URI ^/component/users/$ denied
RewriteCond %{QUERY_STRING} regist
RewriteRule .* - [E=Reg:1]
RewriteCond %{QUERY_STRING} regist
RewriteRule ^index.php$ -? [E=Reg:1]
SetEnvIf REDIRECT_Reg (.+) denied
order deny,allow
allow from 82.209.192.0/18
allow from 86.57.128.0/17
allow from 93.84.0.0/15
allow from 178.120.0.0/13
allow from 194.158.192.0/19
allow from 194.226.120.0/22
allow from 194.226.124.0/23
allow from 193.232.248.0/22
allow from 37.45.0.0/16
allow from 37.44.64.0/18
allow from 37.212.0.0/14
allow from 31.24.88.0/21
allow from 31.130.200.0/21
allow from 46.28.96.0/21
allow from 46.53.128.0/17
allow from 46.56.0.0/16
allow from 46.182.48.0/21
allow from 46.175.168.0/21
allow from 46.191.0.0/17
allow from 46.216.0.0/16
allow from 77.74.32.0/21
allow from 79.170.104.0/21
allow from 79.98.48.0/21
allow from 80.249.80.0/20
allow from 80.94.160.0/20
allow from 80.94.224.0/20
allow from 81.25.32.0/20
allow from 81.30.80.0/20
allow from 84.201.224.0/20
allow from 87.252.224.0/19
allow from 91.149.128.0/18
allow from 91.187.0.0/19
allow from 91.220.250.0/24
allow from 91.215.176.0/22
allow from 93.125.0.0/17
allow from 93.191.96.0/21
allow from 95.128.64.0/21
allow from 95.130.80.0/21
allow from 109.126.128.0/18
allow from 109.232.112.0/21
allow from 128.65.0.0/18
allow from 128.140.240.0/20
allow from 176.60.0.0/16
allow from 178.154.0.0/17
allow from 178.159.240.0/21
allow from 178.163.128.0/17
allow from 178.168.128.0/17
allow from 178.172.128.0/17
allow from 178.238.0.0/20
allow from 193.17.173.0/24
allow from 193.58.255.0/24
allow from 193.151.40.0/22
allow from 193.232.92.0/24
allow from 195.50.0.0/19
allow from 195.137.180.0/24
allow from 195.222.64.0/19
allow from 212.98.160.0/19
allow from 213.184.224.0/19
allow from 217.21.32.0/19
allow from 217.23.112.0/20
allow from 134.17.0.0/16
allow from 164.177.224.0/19
allow from 37.17.0.0/17
allow from 178.172.235.0/24
allow from 178.172.236.0/24
allow from 93.171.104.0/21
allow from 93.171.112.0/21
allow from 93.171.120.0/21
allow from 164.177.192.0/19
allow from 176.118.152.0/21
allow from 194.62.64.0/24
allow from 95.46.200.0/21
allow from 95.46.208.0/20
allow from 5.100.192.0/19
allow from 77.67.192.0/18
allow from 93.189.224.0/21
allow from 195.137.160.0/24
allow from 193.26.18.0/24
allow from 193.105.82.0/24
allow from 185.6.24.0/22
allow from 185.11.76.0/22
allow from 185.12.212.0/22
allow from 77.67.128.0/18
deny from env=denied
Обратите внимание, что список белорусских сетей постоянно изменяется и пополняется, поэтому списки, приведённые в данной статье, могут быть неактуальными. Актуальные списки белорусских сетей находятся
здесь.