I have a personal blog which gets just a handful of legit hits every day. It's in my (non-english) native language so I'm not interested in traffic from outside my country in any way. I'm not selling anything. I don't have ads. There's no monetization going on. I would lose nothing by blocking such traffic.
Yet the site gets tons of traffic from all over the world. All attempts at trying to find a vulnerability. I have fail2ban installed and that stops attempts from single IP addresses, but it's too little too late. I simply want to block all traffic from outside my country.
Yes, I know that attackers exist in my country as well, but that's fine. This is not a question about stopping all malicious traffic. It's about stopping foreign traffic. As it is right now, for every legit hit, there are about a thousand non-legit (foreign) hits.
Now I know there are tons of geo-based IP lists out there. But I really would like to avoid having to use huge lists. I generated a list of IP ranges (to allow access) for my country and the list was almost 150,000 lines long.
Ideally, I would like an apache module that would do something like a reverse lookup of the incoming IP address to find out from which country the request originates. If it's from outside my country, the request is blocked.
I've search the interwebs but wasn't able to find something like this. Does such a thing exists at all? Or is there another way to do this?
If it can't be done, I will probably route all logging through a Perl script, filtering out all non-native traffic. That at least gives me clean log files...
