Security

Limit/block customer registration

5th November 2015 | June 9th, 2017

Sometimes your site may fall victim to country-specific attacks or spam bots. Discreetly preventing access to customer registration on your server for a specific country is very straightforward, with a simple edit to your domain's ___general/example.com.conf file.

E.g. to block the country with country code aa:

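# nginx "if" cannot combine conditions, so build up a string flag instead.
set $bad_request "0";
# Condition 1: the request targets a customer registration/login URL.
if ($request_uri ~* ^/customer/account/(create(post)?|index|login)) {
  set $bad_request "go";
}

# Condition 2: the request is a form submission.
if ($request_method = "POST") {
  set $bad_request "go${bad_request}";
}

# Condition 3: the visitor's GeoIP country code matches.
if ($geoip_country_code ~* (aa)) {
  set $bad_request "go${bad_request}";
}

# Act only when all three conditions matched.
if ($bad_request = "gogogo") {
  rewrite ^(.*)$ /uk-registration-only permanent;
}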

You can use a Perl-compatible regular expression (PCRE) to match multiple country codes within a single statement.

E.g. to block multiple countries:

if ($geoip_country_code ~* (aa|bb)) {
  set $bad_request "go${bad_request}";
}

Alternatively, if you want to give a discreet message rather than an outright block (perhaps to allow humans to contact you if there is an error), then a rewrite would be more suitable.

E.g. to redirect all registration requests to a static HTML page for visitors from country code aa:

if ($bad_request = "gogogo") {
  rewrite ^(.*)$ /uk-registration-only permanent;
}

Then just make a CMS page with the path /uk-registration-only with whatever message you would like to pass to the user.
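
The same three-condition check can be written with nginx map blocks instead of chained string flags, which keeps the country list in one place. This is an added example, not part of the original article: it assumes you can edit the http context as well as the domain's server config, that the GeoIP module already populates $geoip_country_code, and the variable names $registration_blocked_country and $block_registration are made up for illustration.

```nginx
# http {} context (map cannot be declared inside server {} or location {}).
# Assumption: the GeoIP module is already configured and sets
# $geoip_country_code.

# 1 when the visitor's country is on the block list
# (aa and bb are the article's placeholder country codes).
map $geoip_country_code $registration_blocked_country {
    default         0;
    "~*^(aa|bb)$"   1;
}

# Combine method, country flag and URI into a single key so that one
# anchored regex replaces the "go" / "gogo" / "gogogo" string flags.
map "$request_method:$registration_blocked_country:$request_uri" $block_registration {
    default 0;
    "~*^POST:1:/customer/account/(create(post)?|index|login)" 1;
}

# server {} context, e.g. the domain's ___general/example.com.conf
if ($block_registration) {
    # Same action as the article's example; use "return 403;" here
    # instead if an outright block is wanted.
    rewrite ^(.*)$ /uk-registration-only permanent;
}
```

Anchoring the country regex with ^ and $ means only exact two-letter codes on the list match, and adding a country is a one-line change to the first map.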