How To Keep a Web Site Local? 297
Cornwallis writes "The universal accessibility of the Internet is one of its attractions. But what do you do when you don't want your board to be Slashdotted? Back in the day it was great to run a local BBS where friends and neighbors could dial in using their 9600-baud modems to pick up mail or share games or stories. Now, my Web-based board gets slammed by people from all over the world who have no reason to access it, can't possibly take advantage of the locally focused services it offers, and generally take up my time because I have to block their accounts or explain to them why they can't have access. This despite the fact that the board explains quite clearly that it is for local use only and couldn't possibly be of interest to them. Other than putting thousands of entries in my hosts file to block IP ranges, what options do I have to restrict access to locals only? Or isn't that feasible?"
.htaccess (Score:5, Informative)
deny from all
allow from iprange
allow from iprange
allow from iprange
etc. etc.
There are websites all over the internet [google.com] that allow you to do country-by-IP-range lookups.
You could also do;
ErrorDocument 403 "Sorry, this website is only available to people living in
(Yes, no final quotation mark).
Or don't worry, what does it hurt if people who aren't benefiting from a website visit it?
Why use a tech solution? (Score:4, Informative)
Get some paper, pin it up around the neighbourhood with a private key. Ensure that people can't create an account or access the boards without the private key.
Am I missing something? Why use an overly technical solution when some paper and pens will fix the whole thing?
Re:.htaccess (Score:5, Informative)
You can automate it (Score:5, Informative)
If you need to be more specific, this guy [jpederson.com] has a php class that can supposedly give you information as specific as city, or you can write your own using the db you can download here [hostip.info], although I can't personally vouch for either. You could also parse the hostnames in your server and only allow service providers in your area.
Also, google code [google.com] has a really good tutorial for a client side application if your server is limited in its capabilities.
Either way, it sounds from the summary like you have access to a database of ip address ranges you want to allow. Just set up a cron job to download it and parse it.
Re:Who are locals? (Score:5, Informative)
Have a credibility check page - like checking if someone knows about a local detail that's known by the locals.
"What was the color of the church at Elm Street before 2004?"
And you may want to be careful with IP address filtering since that can result in unexpected disadvantages when a local is out traveling.
A few issues (Score:5, Informative)
Your local audience may leave the area (either on holiday or to live) but still want to talk to people back home. This means that blanket IP Range blocking is out of the question.
What I suggest is restrict viewing the website to people who are logged in. A default splash page for those not logged in could be shown that's minimal in graphics and text, containing just the log-in form and a 'register here'.
To stop unwanted people registering a new account, you could to a blanket IP ban on the registration page ONLY, meaning that a local person can register at home, and then roam to wherever and still access the site.
someone mentioned earlier this library [webhosting.info] for blocking a range of IP's by country and this PHP class [jpederson.com] that can do it too.
Just use them on the registration page and set up a redirect for those who are not logged in (regardless of location) and you should have a nice walled in forum.
Re:.htaccess (Score:5, Informative)
Re:You can automate it (Score:3, Informative)
Implementing something like this brings problems if there's no way to get around it. For instance, many multinational companies have only one point of presence on the Internet, which can be shared by offices in different countries. At the last one I worked at, the PoP was in France, so even thought I was in England many websites would appear in French, and a few "UK only" services didn't work.
Same with people on holiday, or people who use a mobile phone to access the web.
If the website really isn't interesting for non-locals why do they want to look anyway?
I found a website for people in my local area to debate local issues, the only requirement is to provide a postcode when you sign up. I don't know if it's checked, and it's easy to make one up anyway, but I doubt it's a problem anyway, who cares about the library shutting an hour earlier on Thursdays and the graffiti on the bus shelter, except the people living there?
Re:local knowedge (Score:3, Informative)
I run our town website. 1,000 registered users but very, very little spam - over seven years I think I can count the amount of spam from China and Russia on the fingers of one hand.
Two reasons. One: a completely bespoke system, hand-crafted from finest dodgy Perl and inefficient SQL. Put simply, if you're not running phpBB or something well-known like that, they're simply less likely to find you. These guys search for phrases like "powered by punBB" to find targets.
Two: postings in the news, events and ad sections require approval before they go live. Postings in the forum don't - but you can only get access to the forum by clicking through a JavaScript "I agree not to be a dick" page, which sets a cookie (yeah, I know, accessibility yadda yadda). So, again, they're less likely to find it because it doesn't show up on Google. (Oh yeah, not having frickin' Googlebot hammer the server is a plus, too.)
I realise this isn't an option for everyone, but the OP sounds reasonably tech-savvy so should be able to do similar.