Blocking Unwanted Chinese Website Visitors
These articles are AI-generated summaries. Please check the original sources for full details.
Unwanted traffic from Chinese visitors has become a significant concern for website operators, with automated scanners and bots wasting resources and polluting logs. A senior engineer recalls a 3 AM PagerDuty alert caused by a slow, methodical, distributed scan for old Struts vulnerabilities originating from Chinese IPs, highlighting the need for effective geo-blocking solutions.
Why This Matters
The majority of unwanted traffic is automated, looking for low-hanging fruit such as outdated plugins, unpatched vulnerabilities, and open admin panels. This traffic wastes resources, pollutes logs, and creates false alarms, making it essential to implement geo-blocking solutions to enhance operational hygiene. According to the engineer, this traffic can be reduced by up to 90% using the right blocking methods.
Key Insights
- Cloudflare’s UI-based geo-blocking can block traffic by country at the edge, preventing requests from reaching origin servers.
- Nginx can implement server-level geo-blocking using the ngx_http_geoip2_module with a MaxMind GeoIP database.
- AWS WAF with automated threat intelligence feeds can block known malicious actors regardless of their origin, providing a comprehensive solution.
Working Example
```nginx
http {
    # Define the path to your GeoIP database
    geoip2 /etc/nginx/geoip/GeoLite2-Country.mmdb {
        $geoip2_data_country_iso_code country iso_code;
    }

    # Create a map to check the country code
    # $is_blocked will be 1 if the country is CN, 0 otherwise
    map $geoip2_data_country_iso_code $is_blocked {
        default 0;
        CN 1;
    }

    server {
        listen 80;
        server_name your-awesome-app.com;

        # The actual block logic
        if ($is_blocked) {
            # Return a 444, which closes the connection without a response
            # It's cleaner and more efficient than a 403 Forbidden
            return 444;
        }

        # ... your normal server location blocks go here
        location / {
            proxy_pass http://app_backend;
        }
    }
}
```
Practical Applications
- Use Case: A small team or startup can use Cloudflare’s geo-blocking feature to quickly block unwanted traffic.
- Pitfall: Overly aggressive blocklists can sometimes include legitimate CIDR ranges, so it’s essential to test thoroughly and have a clear process for whitelisting.
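The pitfall above calls for an allowlisting process. The following is an added example, not part of the original article: a variant of the Nginx configuration that lets verified ranges bypass the country block and logs every decision so a wrongly blocked range can be traced. The CIDR ranges are RFC 5737 documentation placeholders, and the names `$is_allowlisted`, `geo_audit` and the log path are assumptions.

```nginx
http {
    # Same country lookup as the configuration above.
    geoip2 /etc/nginx/geoip/GeoLite2-Country.mmdb {
        $geoip2_data_country_iso_code country iso_code;
    }

    # Allowlist keyed on the client address ($remote_addr).
    # Placeholder ranges: replace with ranges you have verified.
    geo $is_allowlisted {
        default          0;
        192.0.2.0/24     1;  # placeholder: partner office
        198.51.100.17/32 1;  # placeholder: monitoring probe
    }

    # Combine both answers into one decision. An allowlisted address
    # is never blocked, whatever country the database reports for it.
    map "$is_allowlisted:$geoip2_data_country_iso_code" $is_blocked {
        default 0;
        "0:CN"  1;
    }

    # Record the inputs to each decision alongside the request.
    log_format geo_audit '$remote_addr country=$geoip2_data_country_iso_code '
                         'allowlisted=$is_allowlisted blocked=$is_blocked '
                         '"$request" $status';

    server {
        listen 80;
        server_name your-awesome-app.com;
        access_log /var/log/nginx/geo_audit.log geo_audit;

        if ($is_blocked) {
            return 444;
        }

        location / {
            proxy_pass http://app_backend;
        }
    }
}
```

Blocked requests appear in the audit log with status 444, so reviewing the `blocked=1` entries after a change shows which addresses the rule actually hit.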