This question has obviously been asked many times in many different forms, but I can't find an actual answer to the specific plan I've got. We run a popular European Commercial deals site, and are getting a large amount of incoming registrations/traffic from countries who cannot even take part in the deals we offer (and many of the retailers aren't even known outside Western Europe).
I've identified the problem area to block a lot of this traffic, but (as expected) there are thousands of IP ranges required.
My question now (finally!). On a test server, I created a script to block each range within iptables, but the amount of time it took to add the rules was large, and then iptables was unresponsive after this (especially when attempting a iptables -L).
What is the most efficient way of blocking large numbers of IP ranges:
- iptables? Or a plugin where I can preload them efficiantly?
- hosts.deny?
- .htaccess (nasty as I'd be running it in apache on every load balanced web server)?