1 |
On 08/12/2020 22:55, thelma@×××××××××××.com wrote: |
2 |
> What are my options apache blocking access based on country? |
3 |
> So fare I run onto something "geoip" or ACL (long list of IP's provided by eg:) |
4 |
> https://www.ip2location.com/free/visitor-blocker |
5 |
> |
6 |
> We geoip I think I will need to install some module for apache (apache 2.2). It is using geoip.dat so it must be a long list of as well. But they are not offering any free version. |
7 |
> wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz (doesn't work) |
8 |
If you don't need to provide information in the browser to blocked |
9 |
users, you could look at net-firewall/xtables-addons with |
10 |
XTABLES_ADDONS="geoip". This will allow you to block access to apache at |
11 |
the network level. |
12 |
|
13 |
I use this as the first step to limit ssh access to one of my servers: |
14 |
`iptables -A INPUT -p tcp -m tcp --dport 22 -m geoip ! --src-cc GB -m |
15 |
comment --comment "Drop SSH from outside GB" -j DROP` |
16 |
|
17 |
This has the advantage that apache doesn't need to process the request, |
18 |
but a possible downside that you won't be able to display a message if |
19 |
that's a requirement. |
20 |
|
21 |
Steve |