I am doing some work for this web hosting company and have faced a very odd kind of situation! A customer who is based in Asia, Japan, I think, has demanded to restrict all traffic from Japan except for a few blocks to their web server. There is a firewall in front of their server and then the web hosting company's core router and an OC3 circuit to the Internet.
If I want to put deny statements and ACLs for all those blocks, well, there will be no router or firewall able to process that, plus it is a very slow and tedious task.
I was wondering if you guys can direct me to the right approach, please?
Yes, I believe you cannot put rules in a router to drop all traffic from non-Japan users. You would have to know all the IP addresses from Japan, and the IP numbering scheme is not as flat as the one used in old telephone systems, for example (where there is a country code and we are done). There can be many, many blocks and this would be an impossible configuration. Summarization would not be of much help, because even the supernets can be a lot. This kind of information could be available from the local registry that gives out IP addresses for Japan (I would not even dare to take a look at it). And yet, traffic could still reach your router only to be dropped, and those packets that correspond to users would not be served.
A better way is to direct non-Japanese users to the non-Japanese box to get their service there and the Japanese to the Japanese box. This way no traffic needs to be dropped, everybody gets the service they requested, and load is balanced between the servers. I would suggest you talk to people familiar with server load balancing issues and people that develop the website content. Some things that look very cumbersome to configure at the network layer can be done very efficiently at the application layer by just having a user choose between "English" or "Japanese" and redirecting the browser to the appropriate server. The web developers could put the different servers in the webpage code according to the language selection made by the user, and you would be done.
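To size the ACL problem discussed in this thread, the sketch below is an added example, not part of either post: it reads registry allocation records, collapses one country's IPv4 blocks into the fewest supernets, and applies the policy from the question (deny the country, permit a few exception blocks). It assumes the pipe-delimited "delegated" statistics format that the regional registries publish; the sample records, the exception block and the function names are constructed for illustration.

```python
import ipaddress

# Constructed sample records: registry|cc|type|start|count|date|status
SAMPLE = """\
apnic|JP|ipv4|10.0.0.0|256|20000101|allocated
apnic|JP|ipv4|10.0.1.0|256|20000101|allocated
apnic|JP|ipv4|10.0.4.0|768|20000101|allocated
apnic|AU|ipv4|10.0.8.0|256|20000101|allocated
apnic|JP|ipv6|2001:db8::|32|20000101|allocated
apnic|JP|ipv4|192.0.2.0|256|20000101|assigned
"""

def country_prefixes(text, cc):
    """Return the collapsed list of IPv4 networks recorded for country cc."""
    nets = []
    for line in text.splitlines():
        fields = line.strip().split("|")
        # Skip comments, summary lines and anything too short to be a record.
        if len(fields) < 7 or fields[0].startswith("#"):
            continue
        rec_cc, rec_type, start, value = fields[1:5]
        if rec_cc != cc or rec_type != "ipv4":
            continue
        # For IPv4 the value is an address count, not a prefix length,
        # and it need not be a power of two (768 above becomes /23 + /24).
        first = ipaddress.IPv4Address(start)
        last = first + int(value) - 1
        nets.extend(ipaddress.summarize_address_range(first, last))
    # Merge adjacent and overlapping blocks into the fewest supernets.
    return list(ipaddress.collapse_addresses(nets))

def decide(src, country_nets, exceptions):
    """Exceptions win; other addresses in the country are denied."""
    addr = ipaddress.ip_address(src)
    if any(addr in net for net in exceptions):
        return "permit"
    if any(addr in net for net in country_nets):
        return "deny"
    return "permit"

if __name__ == "__main__":
    jp = country_prefixes(SAMPLE, "JP")
    allowed = [ipaddress.ip_network("10.0.5.0/24")]  # constructed exception
    print(len(jp), "collapsed prefixes:", [str(n) for n in jp])
    for src in ("10.0.5.9", "10.0.4.9", "10.0.8.1"):
        print(src, decide(src, jp, allowed))
```

Running the same count over a full registry file shows how many entries remain after summarization, which is the number the router or firewall would actually have to hold.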