| 1 |
On 08/12/2020 22:55, thelma@×××××××××××.com wrote: |
| 2 |
> What are my options apache blocking access based on country? |
| 3 |
> So fare I run onto something "geoip" or ACL (long list of IP's provided by eg:) |
| 4 |
> https://www.ip2location.com/free/visitor-blocker |
| 5 |
> |
| 6 |
> We geoip I think I will need to install some module for apache (apache 2.2). It is using geoip.dat so it must be a long list of as well. But they are not offering any free version. |
| 7 |
> wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz (doesn't work) |
| 8 |
If you don't need to provide information in the browser to blocked |
| 9 |
users, you could look at net-firewall/xtables-addons with |
| 10 |
XTABLES_ADDONS="geoip". This will allow you to block access to apache at |
| 11 |
the network level. |
| 12 |
|
| 13 |
I use this as the first step to limit ssh access to one of my servers: |
| 14 |
`iptables -A INPUT -p tcp -m tcp --dport 22 -m geoip ! --src-cc GB -m |
| 15 |
comment --comment "Drop SSH from outside GB" -j DROP` |
| 16 |
|
| 17 |
This has the advantage that apache doesn't need to process the request, |
| 18 |
but a possible downside that you won't be able to display a message if |
| 19 |
that's a requirement. |
| 20 |
|
| 21 |
Steve |
Archives