With GDPR looming I put together a stupid script to block all European Union countries from accessing a site. The trouble is I couldn't find an exhaustive list of the EU country codes.
There is a gist to get me started, however, there are comments that have not been implemented, so it's unclear what a complete list might look like.
https://gist.github.com/henrik/1688572
Has anyone got the complete list of European Union country codes including the Outer Most Territories, Special Cases and anything else I may have missed?
This what I have managed to put together so far.
EU 28
AT, Austria
BE, Belgium
BG, Bulgaria
HR, Croatia
CY, Cyprus
CZ, Czech Republic
DK, Denmark
EE, Estonia
FI, Finland
FR, France
DE, Germany
GR, Greece
HU, Hungary
IE, Ireland, Republic of (EIRE)
IT, Italy
LV, Latvia
LT, Lithuania
LU, Luxembourg
MT, Malta
NL, Netherlands
PL, Poland
PT, Portugal
RO, Romania
SK, Slovakia
SI, Slovenia
ES, Spain
SE, Sweden
GB, United Kingdom (Great Britain)
Outermost Regions: Part of EU (OMR) https://en.wikipedia.org/wiki/Special_member_state_territories_and_the_European_Union#Outermost_regions
GF, French Guiana
GP, Guadeloupe
MQ, Martinique
ME, Montenegro
YT, Mayotte
RE, Réunion
MF, Saint Martin
No Code, Azores
No Code, Canary Islands
No Code, Madeira
Special Cases: Part of EU https://en.wikipedia.org/wiki/Special_member_state_territories_and_the_European_Union#Special_cases_in_Europe
GI, Gibraltar
AX, Åland Islands
No Code, Büsingen am Hochrhein
No Code, Campione d'Italia and Livigno
No Code, Ceuta and Melilla
No Code, UN Buffer Zone in Cyprus
No Code, Helgoland
No Code, Mount Athos
Overseas Countries and Territories (OCT) https://en.wikipedia.org/wiki/Special_member_state_territories_and_the_European_Union#Overseas_countries_and_territories
PM, Saint Pierre and Miquelon
GL, Greenland
BL, Saint Bartelemey
SX, Sint Maarten
AW, Aruba
CW, Curacao
WF, Wallis and Futuna
PF, French Polynesia
NC, New Caledonia
TF, French Southern Territories
AI, Anguilla
BM, Bermuda
IO, British Indian Ocean Territory
VG, Virgin Islands, British
KY, Cayman Islands
FK, Falkland Islands (Malvinas)
MS, Montserrat
PN, Pitcairn
SH, Saint Helena
GS, South Georgia and the South Sandwich Islands
TC, Turks and Caicos Islands
Microstates (Not sure how these fit in) https://en.wikipedia.org/wiki/Microstates_and_the_European_Union
AD, Andorra
LI, Liechtenstein
MC, Monaco
SM, San Marino
VA, Vatican City
Other (Not sure how these fit in)
JE, Jersey
GG, Guernsey
GI, Gibraltar
European Union
EU, European Union (Not sure this is useful, is it kept up to date?)
From this list I ended up with the following .htaccess script to block the European Union from accessing a site.
I should add I have no intention of ever using this, it's was just a good bit of practice configuring apache mods and messing around with GeoIP/MaxMind.
While this case is ridiculous, I still want to implement it correctly, it may be useful for something or someone one day.
Edit Not that ridiculous apparently, today I have seen about a dozen companies already blocking EU users o_O.
In this particular case, the codes should cover EU country codes that GDPR apply to. Have I missed anything?
.htaccess
MaxMindDBEnable On
MaxMindDBFile DB /opt/GeoIP/GeoLite2-Country.mmdb
MaxMindDBEnv MM_COUNTRY_CODE DB/country/iso_code
SetEnvIf MM_COUNTRY_CODE ^(AT|BE|BG|HR|CY|CZ|DK|EE|FI|FR|DE|GR|HU|IE|IT|LV|LT|LU|MT|NL|PL|PT|RO|SK|SI|ES|SE|GB|GI|AX|PM|GL|BL|SX|AW|CW|WF|PF|NC|TF|AI|BM|IO|VG|KY|FK|MS|PN|SH|GS|TC|IS|LI|NO|EU) BlockCountry
Deny from env=BlockCountry
Updates
GDPR also applies to parts of European Econimic Area (EEA)
IS, Iceland
LI, Liechtenstein
NO, Norway
MaxMind can return EU for some European Union IPs
EU, European Union
Not sure if it completes your list but GDPR applies to all EEA countries including those not in EU i.e. Iceland, Liechtenstein and Norway (IS,LI,NO). Additionally Maxmind may return "EU" for some European IPs.