
Apache2 GeoIP Modul installieren

Das Apache GeoIP-Modul ermöglicht es dem Administrator, Datenverkehr je nach Standort zu blockieren oder umzuleiten.

In dieser Anleitung erfahren Sie, wie Sie das GeoIP-Modul installieren und so konfigurieren, dass es bestimmte Länder blockiert.

Installation

Als Erstes installieren wir die benötigten Debian-Pakete. Dabei werden zwei weitere Pakete, geoip-database und libgeoip1, mitinstalliert.

root:~# apt install libapache2-mod-geoip geoip-bin

Während der Installation wird das Apache Modul mod_geoip automatisch aktiviert (a2enmod geoip).

Konfiguration

Wir haben die Möglichkeit, das Modul global zu aktivieren. Dazu setzen wir in der Datei /etc/apache2/mods-available/geoip.conf die Option GeoIPEnable On und entfernen das Kommentarzeichen vor dem Pfad zur GeoIPDBFile.

In meinem Fall möchte ich die Datei per Vhost aktivieren. Ich erstelle mir dazu die Datei /etc/apache2/custom.d/geoip.conf mit folgendem Inhalt.

Hinweis

Das Verzeichnis /etc/apache2/custom.d nutze ich für individuelle Konfigurationen, die nicht automatisch geladen werden. Wer also dieses Verzeichnis nicht hat, sollte es zuvor erstellen.

root:~# vi /etc/apache2/custom.d/geoip.conf
# File: custom.d/geoip.conf
# Created: 2023-02-16 22:48:15
# Description: Enable GeoIP configuration with defined blacklist
#
# Security notes:
#  - This is a deny-list. A request is refused only when a country code was
#    resolved AND that code sets BlockCountry; a request for which no country
#    code is resolved is not blocked.
#  - The lookup uses the client address Apache sees. VPNs, proxies and hosts
#    rented in a non-listed country pass the filter, so treat this as noise
#    reduction and not as access control for sensitive paths.
#  - NOTE(review): GeoIP.dat is presumably the IPv4 country database. If the
#    vhost is reachable over IPv6, confirm whether an IPv6 database has to be
#    configured too; otherwise IPv6 clients would never be matched.
#  - NOTE(review): behind a reverse proxy the connecting address is the proxy.
#    mod_geoip has GeoIPScanProxyHeaders for that case; enable it only when
#    the forwarding header is set by a proxy you control, because a client
#    can otherwise supply the header itself.

<IfModule mod_geoip.c>
  # For performance reasons, it's not recommended to turn GeoIP on serverwide,
  # but rather only in <Location> or <Directory> blocks where it's actually
  # needed.
  GeoIPEnable On
  # NOTE(review): the same database file is declared three times below, each
  # time with a different flag. Confirm against the mod_geoip documentation
  # whether a single GeoIPDBFile line with the intended flag is sufficient.
  GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
  # enable database caching
  GeoIPDBFile /usr/share/GeoIP/GeoIP.dat MemoryCache
  # Check if database has changed and reload it, Apache restart not necessary
  GeoIPDBFile /usr/share/GeoIP/GeoIP.dat CheckCache

  # Include the Blacklist of BlockCountry
  # You can use it in Location/Directory with the following definition
  #  <Location />
  #   <RequireAll>
  #     Require all granted
  #     Require not env BlockCountry
  #   </RequireAll>
  # </Location>
  Include custom.d/geoip-blocked-countries.conf
</IfModule>

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Als Nächstes erstellen wir ebenfalls in diesem Verzeichnis die Blacklist-Datei /etc/apache2/custom.d/geoip-blocked-countries.conf mit folgendem Inhalt. Diese Datei wird in der zuvor erstellten Datei geoip.conf inkludiert.

root:~# vi /etc/apache2/custom.d/geoip-blocked-countries.conf
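# File: custom.d/geoip-blocked-countries.conf
# Created: 2023-02-16 22:50:15
# Description: Blacklist of all countries based on ISO 3166-1-alpha-2 codes for GeoIP
#
# Every active line sets the request environment variable BlockCountry when
# GEOIP_COUNTRY_CODE matches the given code. Lines that start with '#' are
# countries that stay allowed.
#
# Notes:
#  - SetEnvIf matches case-sensitively (SetEnvIfNoCase is the insensitive
#    variant), so every code has to be written in upper case to match the
#    value in GEOIP_COUNTRY_CODE.
#  - The second argument is a regular expression and is not anchored here.
#    That is fine as long as GEOIP_COUNTRY_CODE holds exactly two letters.
#  - Only codes listed here are blocked. A request without a resolved country
#    code, or with a code that is missing from this list, is allowed.
#  - NOTE(review): Apache treats '#' as a comment only at the start of a line.
#    The trailing "# Name" text is presumably parsed by SetEnvIf as further
#    variable names to set (e.g. "#" and "Andorra"). This does not affect
#    BlockCountry, but confirm with "apachectl configtest" and consider moving
#    the country names onto comment lines of their own.

SetEnvIf GEOIP_COUNTRY_CODE AD BlockCountry # Andorra
SetEnvIf GEOIP_COUNTRY_CODE AE BlockCountry # United Arab Emirates
SetEnvIf GEOIP_COUNTRY_CODE AF BlockCountry # Afghanistan
SetEnvIf GEOIP_COUNTRY_CODE AG BlockCountry # Antigua and Barbuda
SetEnvIf GEOIP_COUNTRY_CODE AI BlockCountry # Anguilla
SetEnvIf GEOIP_COUNTRY_CODE AL BlockCountry # Albania
SetEnvIf GEOIP_COUNTRY_CODE AM BlockCountry # Armenia
#SetEnvIf GEOIP_COUNTRY_CODE AN BlockCountry # Netherlands Antilles
SetEnvIf GEOIP_COUNTRY_CODE AO BlockCountry # Angola
SetEnvIf GEOIP_COUNTRY_CODE AQ BlockCountry # Antarctica
SetEnvIf GEOIP_COUNTRY_CODE AR BlockCountry # Argentina
SetEnvIf GEOIP_COUNTRY_CODE AS BlockCountry # American Samoa
#SetEnvIf GEOIP_COUNTRY_CODE AT BlockCountry # Austria
#SetEnvIf GEOIP_COUNTRY_CODE AU BlockCountry # Australia
SetEnvIf GEOIP_COUNTRY_CODE AW BlockCountry # Aruba
SetEnvIf GEOIP_COUNTRY_CODE AZ BlockCountry # Azerbaijan
#SetEnvIf GEOIP_COUNTRY_CODE BA BlockCountry # Bosnia and Herzegovina
SetEnvIf GEOIP_COUNTRY_CODE BB BlockCountry # Barbados
SetEnvIf GEOIP_COUNTRY_CODE BD BlockCountry # Bangladesh
#SetEnvIf GEOIP_COUNTRY_CODE BE BlockCountry # Belgium
SetEnvIf GEOIP_COUNTRY_CODE BF BlockCountry # Burkina Faso
#SetEnvIf GEOIP_COUNTRY_CODE BG BlockCountry # Bulgaria
SetEnvIf GEOIP_COUNTRY_CODE BH BlockCountry # Bahrain
SetEnvIf GEOIP_COUNTRY_CODE BI BlockCountry # Burundi
SetEnvIf GEOIP_COUNTRY_CODE BJ BlockCountry # Benin
SetEnvIf GEOIP_COUNTRY_CODE BM BlockCountry # Bermuda
SetEnvIf GEOIP_COUNTRY_CODE BN BlockCountry # Brunei Darussalam
SetEnvIf GEOIP_COUNTRY_CODE BO BlockCountry # Bolivia
SetEnvIf GEOIP_COUNTRY_CODE BR BlockCountry # Brazil
SetEnvIf GEOIP_COUNTRY_CODE BS BlockCountry # Bahamas
SetEnvIf GEOIP_COUNTRY_CODE BT BlockCountry # Bhutan
SetEnvIf GEOIP_COUNTRY_CODE BV BlockCountry # Bouvet Island
SetEnvIf GEOIP_COUNTRY_CODE BW BlockCountry # Botswana
SetEnvIf GEOIP_COUNTRY_CODE BY BlockCountry # Belarus
SetEnvIf GEOIP_COUNTRY_CODE BZ BlockCountry # Belize
#SetEnvIf GEOIP_COUNTRY_CODE CA BlockCountry # Canada
SetEnvIf GEOIP_COUNTRY_CODE CC BlockCountry # Cocos (Keeling) Islands
SetEnvIf GEOIP_COUNTRY_CODE CF BlockCountry # Central African Republic
SetEnvIf GEOIP_COUNTRY_CODE CG BlockCountry # Congo
#SetEnvIf GEOIP_COUNTRY_CODE CH BlockCountry # Switzerland
SetEnvIf GEOIP_COUNTRY_CODE CI BlockCountry # Cote D'Ivoire (Ivory Coast)
SetEnvIf GEOIP_COUNTRY_CODE CK BlockCountry # Cook Islands
SetEnvIf GEOIP_COUNTRY_CODE CL BlockCountry # Chile
SetEnvIf GEOIP_COUNTRY_CODE CM BlockCountry # Cameroon
SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry # China
SetEnvIf GEOIP_COUNTRY_CODE CO BlockCountry # Colombia
SetEnvIf GEOIP_COUNTRY_CODE CR BlockCountry # Costa Rica
#SetEnvIf GEOIP_COUNTRY_CODE CS BlockCountry # Serbia and Montenegro
SetEnvIf GEOIP_COUNTRY_CODE CU BlockCountry # Cuba
SetEnvIf GEOIP_COUNTRY_CODE CV BlockCountry # Cape Verde
SetEnvIf GEOIP_COUNTRY_CODE CX BlockCountry # Christmas Island
SetEnvIf GEOIP_COUNTRY_CODE CY BlockCountry # Cyprus
SetEnvIf GEOIP_COUNTRY_CODE CZ BlockCountry # Czech Republic
#SetEnvIf GEOIP_COUNTRY_CODE DE BlockCountry # Germany
SetEnvIf GEOIP_COUNTRY_CODE DJ BlockCountry # Djibouti
#SetEnvIf GEOIP_COUNTRY_CODE DK BlockCountry # Denmark
SetEnvIf GEOIP_COUNTRY_CODE DM BlockCountry # Dominica
SetEnvIf GEOIP_COUNTRY_CODE DO BlockCountry # Dominican Republic
SetEnvIf GEOIP_COUNTRY_CODE DZ BlockCountry # Algeria
SetEnvIf GEOIP_COUNTRY_CODE EC BlockCountry # Ecuador
SetEnvIf GEOIP_COUNTRY_CODE EE BlockCountry # Estonia
SetEnvIf GEOIP_COUNTRY_CODE EG BlockCountry # Egypt
SetEnvIf GEOIP_COUNTRY_CODE EH BlockCountry # Western Sahara
SetEnvIf GEOIP_COUNTRY_CODE ER BlockCountry # Eritrea
#SetEnvIf GEOIP_COUNTRY_CODE ES BlockCountry # Spain
SetEnvIf GEOIP_COUNTRY_CODE ET BlockCountry # Ethiopia
#SetEnvIf GEOIP_COUNTRY_CODE FI BlockCountry # Finland
SetEnvIf GEOIP_COUNTRY_CODE FJ BlockCountry # Fiji
SetEnvIf GEOIP_COUNTRY_CODE FK BlockCountry # Falkland Islands (Malvinas)
SetEnvIf GEOIP_COUNTRY_CODE FM BlockCountry # Micronesia
SetEnvIf GEOIP_COUNTRY_CODE FO BlockCountry # Faroe Islands
#SetEnvIf GEOIP_COUNTRY_CODE FR BlockCountry # France
#SetEnvIf GEOIP_COUNTRY_CODE FX BlockCountry # France, Metropolitan
SetEnvIf GEOIP_COUNTRY_CODE GA BlockCountry # Gabon
#SetEnvIf GEOIP_COUNTRY_CODE GB BlockCountry # Great Britain (UK)
SetEnvIf GEOIP_COUNTRY_CODE GD BlockCountry # Grenada
SetEnvIf GEOIP_COUNTRY_CODE GE BlockCountry # Georgia
SetEnvIf GEOIP_COUNTRY_CODE GF BlockCountry # French Guiana
SetEnvIf GEOIP_COUNTRY_CODE GH BlockCountry # Ghana
SetEnvIf GEOIP_COUNTRY_CODE GI BlockCountry # Gibraltar
#SetEnvIf GEOIP_COUNTRY_CODE GL BlockCountry # Greenland
SetEnvIf GEOIP_COUNTRY_CODE GM BlockCountry # Gambia
SetEnvIf GEOIP_COUNTRY_CODE GN BlockCountry # Guinea
SetEnvIf GEOIP_COUNTRY_CODE GP BlockCountry # Guadeloupe
SetEnvIf GEOIP_COUNTRY_CODE GQ BlockCountry # Equatorial Guinea
#SetEnvIf GEOIP_COUNTRY_CODE GR BlockCountry # Greece
SetEnvIf GEOIP_COUNTRY_CODE GS BlockCountry # S. Georgia and S. Sandwich Isls.
SetEnvIf GEOIP_COUNTRY_CODE GT BlockCountry # Guatemala
SetEnvIf GEOIP_COUNTRY_CODE GU BlockCountry # Guam
SetEnvIf GEOIP_COUNTRY_CODE GW BlockCountry # Guinea-Bissau
SetEnvIf GEOIP_COUNTRY_CODE GY BlockCountry # Guyana
SetEnvIf GEOIP_COUNTRY_CODE HK BlockCountry # Hong Kong
SetEnvIf GEOIP_COUNTRY_CODE HM BlockCountry # Heard and McDonald Islands
SetEnvIf GEOIP_COUNTRY_CODE HN BlockCountry # Honduras
#SetEnvIf GEOIP_COUNTRY_CODE HR BlockCountry # Croatia (Hrvatska)
SetEnvIf GEOIP_COUNTRY_CODE HT BlockCountry # Haiti
#SetEnvIf GEOIP_COUNTRY_CODE HU BlockCountry # Hungary
SetEnvIf GEOIP_COUNTRY_CODE ID BlockCountry # Indonesia
#SetEnvIf GEOIP_COUNTRY_CODE IE BlockCountry # Ireland
SetEnvIf GEOIP_COUNTRY_CODE IL BlockCountry # Israel
SetEnvIf GEOIP_COUNTRY_CODE IN BlockCountry # India
SetEnvIf GEOIP_COUNTRY_CODE IO BlockCountry # British Indian Ocean Territory
SetEnvIf GEOIP_COUNTRY_CODE IQ BlockCountry # Iraq
SetEnvIf GEOIP_COUNTRY_CODE IR BlockCountry # Iran
#SetEnvIf GEOIP_COUNTRY_CODE IS BlockCountry # Iceland
#SetEnvIf GEOIP_COUNTRY_CODE IT BlockCountry # Italy
SetEnvIf GEOIP_COUNTRY_CODE JM BlockCountry # Jamaica
SetEnvIf GEOIP_COUNTRY_CODE JO BlockCountry # Jordan
SetEnvIf GEOIP_COUNTRY_CODE JP BlockCountry # Japan
SetEnvIf GEOIP_COUNTRY_CODE KE BlockCountry # Kenya
SetEnvIf GEOIP_COUNTRY_CODE KG BlockCountry # Kyrgyzstan
SetEnvIf GEOIP_COUNTRY_CODE KH BlockCountry # Cambodia
SetEnvIf GEOIP_COUNTRY_CODE KI BlockCountry # Kiribati
SetEnvIf GEOIP_COUNTRY_CODE KM BlockCountry # Comoros
SetEnvIf GEOIP_COUNTRY_CODE KN BlockCountry # Saint Kitts and Nevis
SetEnvIf GEOIP_COUNTRY_CODE KP BlockCountry # Korea (North)
SetEnvIf GEOIP_COUNTRY_CODE KR BlockCountry # Korea (South)
SetEnvIf GEOIP_COUNTRY_CODE KW BlockCountry # Kuwait
SetEnvIf GEOIP_COUNTRY_CODE KY BlockCountry # Cayman Islands
SetEnvIf GEOIP_COUNTRY_CODE KZ BlockCountry # Kazakhstan
SetEnvIf GEOIP_COUNTRY_CODE LA BlockCountry # Laos
SetEnvIf GEOIP_COUNTRY_CODE LB BlockCountry # Lebanon
SetEnvIf GEOIP_COUNTRY_CODE LC BlockCountry # Saint Lucia
#SetEnvIf GEOIP_COUNTRY_CODE LI BlockCountry # Liechtenstein
SetEnvIf GEOIP_COUNTRY_CODE LK BlockCountry # Sri Lanka
SetEnvIf GEOIP_COUNTRY_CODE LR BlockCountry # Liberia
SetEnvIf GEOIP_COUNTRY_CODE LS BlockCountry # Lesotho
SetEnvIf GEOIP_COUNTRY_CODE LT BlockCountry # Lithuania
#SetEnvIf GEOIP_COUNTRY_CODE LU BlockCountry # Luxembourg
SetEnvIf GEOIP_COUNTRY_CODE LV BlockCountry # Latvia
SetEnvIf GEOIP_COUNTRY_CODE LY BlockCountry # Libya
SetEnvIf GEOIP_COUNTRY_CODE MA BlockCountry # Morocco
#SetEnvIf GEOIP_COUNTRY_CODE MC BlockCountry # Monaco
SetEnvIf GEOIP_COUNTRY_CODE MD BlockCountry # Moldova
SetEnvIf GEOIP_COUNTRY_CODE MG BlockCountry # Madagascar
SetEnvIf GEOIP_COUNTRY_CODE MH BlockCountry # Marshall Islands
#SetEnvIf GEOIP_COUNTRY_CODE MK BlockCountry # Macedonia
SetEnvIf GEOIP_COUNTRY_CODE ML BlockCountry # Mali
SetEnvIf GEOIP_COUNTRY_CODE MM BlockCountry # Myanmar
SetEnvIf GEOIP_COUNTRY_CODE MN BlockCountry # Mongolia
SetEnvIf GEOIP_COUNTRY_CODE MO BlockCountry # Macau
SetEnvIf GEOIP_COUNTRY_CODE MP BlockCountry # Northern Mariana Islands
SetEnvIf GEOIP_COUNTRY_CODE MQ BlockCountry # Martinique
SetEnvIf GEOIP_COUNTRY_CODE MR BlockCountry # Mauritania
SetEnvIf GEOIP_COUNTRY_CODE MS BlockCountry # Montserrat
#SetEnvIf GEOIP_COUNTRY_CODE MT BlockCountry # Malta
SetEnvIf GEOIP_COUNTRY_CODE MU BlockCountry # Mauritius
SetEnvIf GEOIP_COUNTRY_CODE MV BlockCountry # Maldives
SetEnvIf GEOIP_COUNTRY_CODE MW BlockCountry # Malawi
SetEnvIf GEOIP_COUNTRY_CODE MX BlockCountry # Mexico
SetEnvIf GEOIP_COUNTRY_CODE MY BlockCountry # Malaysia
SetEnvIf GEOIP_COUNTRY_CODE MZ BlockCountry # Mozambique
SetEnvIf GEOIP_COUNTRY_CODE NA BlockCountry # Namibia
SetEnvIf GEOIP_COUNTRY_CODE NC BlockCountry # New Caledonia
SetEnvIf GEOIP_COUNTRY_CODE NE BlockCountry # Niger
SetEnvIf GEOIP_COUNTRY_CODE NF BlockCountry # Norfolk Island
SetEnvIf GEOIP_COUNTRY_CODE NG BlockCountry # Nigeria
SetEnvIf GEOIP_COUNTRY_CODE NI BlockCountry # Nicaragua
#SetEnvIf GEOIP_COUNTRY_CODE NL BlockCountry # Netherlands
#SetEnvIf GEOIP_COUNTRY_CODE NO BlockCountry # Norway
SetEnvIf GEOIP_COUNTRY_CODE NP BlockCountry # Nepal
SetEnvIf GEOIP_COUNTRY_CODE NR BlockCountry # Nauru
SetEnvIf GEOIP_COUNTRY_CODE NT BlockCountry # Neutral Zone
SetEnvIf GEOIP_COUNTRY_CODE NU BlockCountry # Niue
SetEnvIf GEOIP_COUNTRY_CODE NZ BlockCountry # New Zealand (Aotearoa)
SetEnvIf GEOIP_COUNTRY_CODE OM BlockCountry # Oman
SetEnvIf GEOIP_COUNTRY_CODE PA BlockCountry # Panama
SetEnvIf GEOIP_COUNTRY_CODE PE BlockCountry # Peru
SetEnvIf GEOIP_COUNTRY_CODE PF BlockCountry # French Polynesia
SetEnvIf GEOIP_COUNTRY_CODE PG BlockCountry # Papua New Guinea
SetEnvIf GEOIP_COUNTRY_CODE PH BlockCountry # Philippines
SetEnvIf GEOIP_COUNTRY_CODE PK BlockCountry # Pakistan
#SetEnvIf GEOIP_COUNTRY_CODE PL BlockCountry # Poland
SetEnvIf GEOIP_COUNTRY_CODE PM BlockCountry # St. Pierre and Miquelon
SetEnvIf GEOIP_COUNTRY_CODE PN BlockCountry # Pitcairn
SetEnvIf GEOIP_COUNTRY_CODE PR BlockCountry # Puerto Rico
#SetEnvIf GEOIP_COUNTRY_CODE PT BlockCountry # Portugal
SetEnvIf GEOIP_COUNTRY_CODE PW BlockCountry # Palau
SetEnvIf GEOIP_COUNTRY_CODE PY BlockCountry # Paraguay
SetEnvIf GEOIP_COUNTRY_CODE QA BlockCountry # Qatar
SetEnvIf GEOIP_COUNTRY_CODE RE BlockCountry # Reunion
#SetEnvIf GEOIP_COUNTRY_CODE RO BlockCountry # Romania
SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry # Russian Federation
SetEnvIf GEOIP_COUNTRY_CODE RW BlockCountry # Rwanda
SetEnvIf GEOIP_COUNTRY_CODE SA BlockCountry # Saudi Arabia
SetEnvIf GEOIP_COUNTRY_CODE SB BlockCountry # Solomon Islands
SetEnvIf GEOIP_COUNTRY_CODE SC BlockCountry # Seychelles
SetEnvIf GEOIP_COUNTRY_CODE SD BlockCountry # Sudan
#SetEnvIf GEOIP_COUNTRY_CODE SE BlockCountry # Sweden
SetEnvIf GEOIP_COUNTRY_CODE SG BlockCountry # Singapore
SetEnvIf GEOIP_COUNTRY_CODE SH BlockCountry # St. Helena
#SetEnvIf GEOIP_COUNTRY_CODE SI BlockCountry # Slovenia
SetEnvIf GEOIP_COUNTRY_CODE SJ BlockCountry # Svalbard and Jan Mayen Islands
#SetEnvIf GEOIP_COUNTRY_CODE SK BlockCountry # Slovak Republic
SetEnvIf GEOIP_COUNTRY_CODE SL BlockCountry # Sierra Leone
SetEnvIf GEOIP_COUNTRY_CODE SM BlockCountry # San Marino
SetEnvIf GEOIP_COUNTRY_CODE SN BlockCountry # Senegal
SetEnvIf GEOIP_COUNTRY_CODE SO BlockCountry # Somalia
SetEnvIf GEOIP_COUNTRY_CODE SR BlockCountry # Suriname
SetEnvIf GEOIP_COUNTRY_CODE ST BlockCountry # Sao Tome and Principe
SetEnvIf GEOIP_COUNTRY_CODE SU BlockCountry # USSR (former)
SetEnvIf GEOIP_COUNTRY_CODE SV BlockCountry # El Salvador
SetEnvIf GEOIP_COUNTRY_CODE SY BlockCountry # Syria
SetEnvIf GEOIP_COUNTRY_CODE SZ BlockCountry # Swaziland
SetEnvIf GEOIP_COUNTRY_CODE TC BlockCountry # Turks and Caicos Islands
SetEnvIf GEOIP_COUNTRY_CODE TD BlockCountry # Chad
SetEnvIf GEOIP_COUNTRY_CODE TF BlockCountry # French Southern Territories
SetEnvIf GEOIP_COUNTRY_CODE TG BlockCountry # Togo
SetEnvIf GEOIP_COUNTRY_CODE TH BlockCountry # Thailand
SetEnvIf GEOIP_COUNTRY_CODE TJ BlockCountry # Tajikistan
SetEnvIf GEOIP_COUNTRY_CODE TK BlockCountry # Tokelau
SetEnvIf GEOIP_COUNTRY_CODE TM BlockCountry # Turkmenistan
SetEnvIf GEOIP_COUNTRY_CODE TN BlockCountry # Tunisia
SetEnvIf GEOIP_COUNTRY_CODE TO BlockCountry # Tonga
SetEnvIf GEOIP_COUNTRY_CODE TP BlockCountry # East Timor
#SetEnvIf GEOIP_COUNTRY_CODE TR BlockCountry # Turkey
SetEnvIf GEOIP_COUNTRY_CODE TT BlockCountry # Trinidad and Tobago
SetEnvIf GEOIP_COUNTRY_CODE TV BlockCountry # Tuvalu
SetEnvIf GEOIP_COUNTRY_CODE TW BlockCountry # Taiwan
SetEnvIf GEOIP_COUNTRY_CODE TZ BlockCountry # Tanzania
#SetEnvIf GEOIP_COUNTRY_CODE UA BlockCountry # Ukraine
SetEnvIf GEOIP_COUNTRY_CODE UG BlockCountry # Uganda
#SetEnvIf GEOIP_COUNTRY_CODE UK BlockCountry # United Kingdom
#SetEnvIf GEOIP_COUNTRY_CODE UM BlockCountry # US Minor Outlying Islands
#SetEnvIf GEOIP_COUNTRY_CODE US BlockCountry # United States
SetEnvIf GEOIP_COUNTRY_CODE UY BlockCountry # Uruguay
SetEnvIf GEOIP_COUNTRY_CODE UZ BlockCountry # Uzbekistan
#SetEnvIf GEOIP_COUNTRY_CODE VA BlockCountry # Vatican City State (Holy See)
SetEnvIf GEOIP_COUNTRY_CODE VC BlockCountry # Saint Vincent and the Grenadines
SetEnvIf GEOIP_COUNTRY_CODE VE BlockCountry # Venezuela
SetEnvIf GEOIP_COUNTRY_CODE VG BlockCountry # Virgin Islands (British)
SetEnvIf GEOIP_COUNTRY_CODE VI BlockCountry # Virgin Islands (U.S.)
SetEnvIf GEOIP_COUNTRY_CODE VN BlockCountry # Viet Nam
SetEnvIf GEOIP_COUNTRY_CODE VU BlockCountry # Vanuatu
SetEnvIf GEOIP_COUNTRY_CODE WF BlockCountry # Wallis and Futuna Islands
SetEnvIf GEOIP_COUNTRY_CODE WS BlockCountry # Samoa
SetEnvIf GEOIP_COUNTRY_CODE YE BlockCountry # Yemen
SetEnvIf GEOIP_COUNTRY_CODE YT BlockCountry # Mayotte
SetEnvIf GEOIP_COUNTRY_CODE YU BlockCountry # Yugoslavia
SetEnvIf GEOIP_COUNTRY_CODE ZA BlockCountry # South Africa
SetEnvIf GEOIP_COUNTRY_CODE ZM BlockCountry # Zambia
SetEnvIf GEOIP_COUNTRY_CODE ZR BlockCountry # Zaire
SetEnvIf GEOIP_COUNTRY_CODE ZW BlockCountry # Zimbabwe

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet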

Nachdem wir nun auch die Blacklist erstellt haben, können wir die Datei /etc/apache2/custom.d/geoip.conf in den jeweils gewünschten Vhost einbinden.

<VirtualHost *:443>
....
    # Enable GeoIP blacklist (BlockCountry)
    Include custom.d/geoip.conf

    # Allow only access from these locations
    # and ban the GeoIP's from the blacklist
    #
    # NOTE(review): every directive inside <RequireAll> has to succeed. The
    # nested <RequireAny> succeeds only through "Require host localhost",
    # because its other member is "Require all denied". As written, this
    # block therefore admits localhost only and refuses every other client,
    # whatever its country. List the permitted sources inside <RequireAny>,
    # or drop the <RequireAny> block if only the country blacklist is wanted.
    # After a change, test from an allowed and from a blocked address.
    <Location />
        <RequireAll>
            Require all granted
            Require not env BlockCountry
            <RequireAny>
                Require all denied
                Require host localhost
            </RequireAny>
        </RequireAll>
    </Location>
....
</VirtualHost>

GeoIP Datenbank aktualisieren

Schon die mitinstallierte GeoIP.dat ist nicht aktuell. Damit wir die neueste GeoIP-Datenbank nutzen, können wir das folgende Skript verwenden, um die neueste GeoIP-Datenbankdatei herunterzuladen.

#!/bin/bash
# $File: get_geoipdb.sh $
# $Author: mschulz $ - $Date: 2023-02-15 11:37:14 +0200 (Mi, 15 Feb 2023) $
# $Description: Script to download the latest GeoIP database. $
# *******************************************************

# [GLOBAL CONFIGURATION]
#
# All settings live in one associative array, cfg, so that the functions and
# the MAIN section read them from a single place.
declare -A cfg

# Base URL of the GeoIP download page. It is scraped for the version string
# and used as prefix for GeoIP.dat.gz. Keep it on https: whatever this host
# serves is what ends up in the database directory.
cfg[downloadpage]='https://mailfud.org/geoip-legacy'

# Directory that holds the GeoIP database; downloads are unpacked here
cfg[downloaddir]='/usr/share/GeoIP'

# File that records the version string of the installed database
cfg[versionfile]="${cfg[downloaddir]}/version.log"

# Mail notification: recipient address and subject prefix
cfg[recipient]='root@localhost'
cfg[subject]="[${LOGNAME}@$(hostname)] Renew GeoIP database"

# printf templates for the mail text; %s is replaced by the version string
cfg[messageok]='A new version from %s of the GeoIP Database was successfuly installed on your system.'
cfg[messagefail]="Can't download an install the latest version from %s of the GeoIP Database."

# *******************************************************
# This function connect to the GeoIP website and get
# the latest version string.
#
# @params $1 - The GeoIP page
# @return string
#
function get_latest_version() {

curl -s ${1}/ | \
    perl -n -e 'print $1 if ($_ =~ m#Latest update: <b>([^<]+)</b>#g)'

}

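# *******************************************************
# Download GeoIP.dat.gz from the GeoIP page into the download directory.
#
# Only the transport (TLS, when the page URL is https) protects the file;
# this function does not verify a checksum or signature.
#
# @params $1 - Base URL of the GeoIP page (without trailing slash)
# @params $2 - The download directory
# @return Exit status of curl (0 on success)
#
function download_latest_version() {

    local page="$1"
    local dir="$2"

    # --fail makes curl return non-zero on an HTTP error instead of saving
    # the server's error page as GeoIP.dat.gz and reporting success
    curl --fail --silent --show-error "${page}/GeoIP.dat.gz" \
        --output "${dir}/GeoIP.dat.gz"

}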

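# *******************************************************
# Unpack GeoIP.dat.gz in the download directory, replacing GeoIP.dat.
#
# The archive is addressed by its full path, so the working directory of the
# calling script is not changed.
#
# @params $1 - The download directory
# @return 0 on success, non-zero when the archive is missing, damaged or
#         could not be unpacked
#
function unzip_latest_version() {

    local archive="${1}/GeoIP.dat.gz"

    # Test the archive before unpacking: gunzip -f writes over the existing
    # GeoIP.dat, so a truncated or non-gzip download must be rejected first
    gzip -t -q -- "${archive}" && gunzip -q -f -- "${archive}"

}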

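# *******************************************************
# Copy the current GeoIP.dat to GeoIP_<YYYY-MM-DD>.dat in the same directory,
# preserving mode and timestamps (cp -p).
#
# This function does not prune older backups; a second run on the same day
# overwrites that day's copy.
#
# @params $1 - The download directory
# @return 0 when the copy succeeded or there was no GeoIP.dat to back up,
#         otherwise the exit status of cp
#
function backup_current_version() {

    local dir="$1"
    local current="${dir}/GeoIP.dat"

    # No database installed yet: nothing to back up, which is not an error
    [ -f "${current}" ] || return 0

    cp -p -- "${current}" "${dir}/GeoIP_$(date +%Y-%m-%d).dat"

}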

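# *******************************************************
# Send a notification mail with the local "mail" command.
#
# The mail body starts with lines 2-4 of this script file (with the leading
# "# " removed), followed by a blank line and the message.
#
# @param: string $1 - The recipient mailaddress
# @param: string $2 - The message subject
# @param: string $3 - The message text, or the path of a file whose content
#                     is used as message text
# @return: Exit status of the mail command
#
function send_notify() {

    local mailaddr="$1"
    local subject="$2"
    local message="$3"
    local prog body

    # Locate this script: use $0 as given when it contains a path, otherwise
    # look it up in PATH and fall back to $0 itself
    if [[ "$0" == */* ]]; then
        prog="$0"
    else
        prog=$(command -v -- "$0") || prog="$0"
    fi

    # Without a readable script file the header is simply left out; sed must
    # never be started without a file name, it would wait on stdin
    body=""
    if [ -r "${prog}" ]; then
        body=$(sed -n '2,4p' -- "${prog}" | sed 's/^# //g')
    fi

    if [ -f "${message}" ]; then
        body+=$'\n\n'"$(cat -- "${message}" 2>/dev/null)"
    else
        body+=$'\n\n'"${message}"
    fi

    # printf '%s' keeps the text literal. The message can contain a version
    # string taken from a remote page, so backslash sequences in it must not
    # be interpreted the way "echo -e" would.
    printf '%s\n' "${body}" | mail -s "${subject}" "${mailaddr}"

}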

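# *******************************************************
# MAIN
#
# Flow: read the version string advertised on the download page and compare
# it with the recorded one. If they differ (or nothing is recorded yet), back
# up the current database, download the new archive and unpack it. The
# version file is written only after all three steps succeeded, so a failed
# run is retried on the next start instead of being recorded as installed.
#
# Exit codes: 0 - database is current or was renewed
#             1 - unpacking the archive failed
#             2 - download failed
#             3 - backup of the current database failed
#             4 - no version string could be read from the download page
#
# NOTE(review): the archive is protected by TLS only. If the publisher offers
# a checksum or signature, verify it before unpacking; the file is installed
# into the directory the web server reads its GeoIP database from.

# Remove the temporary version file on every exit path
trap 'rm -f -- "${cfg[versionfile]}.tmp"' EXIT

# Set to 1 once a new version of the GeoIP database was installed
new=0

# Default exit code
ecode=0

# Fetch the advertised version into a temporary file first; the real version
# file is only replaced after a successful installation
get_latest_version "${cfg[downloadpage]}" >"${cfg[versionfile]}.tmp"
version=$(cat -- "${cfg[versionfile]}.tmp" 2>/dev/null)

if [ -z "${version}" ]; then
    # Page unreachable or its layout changed: do not touch the installed
    # database, report the problem instead of failing silently
    ecode=4
elif ! cmp -s -- "${cfg[versionfile]}" "${cfg[versionfile]}.tmp"; then
    # No recorded version, or the recorded version differs from the website
    if ! backup_current_version "${cfg[downloaddir]}"; then
        ecode=3
    elif ! download_latest_version "${cfg[downloadpage]}" "${cfg[downloaddir]}"; then
        ecode=2
    elif ! unzip_latest_version "${cfg[downloaddir]}"; then
        ecode=1
    else
        # Record the installed version
        cp -- "${cfg[versionfile]}.tmp" "${cfg[versionfile]}"
        new=1
    fi
fi

# The templates in cfg are the printf format on purpose; the scraped version
# string is only ever passed as an argument, never as the format
if [ "${ecode}" -ne 0 ]; then
    # Send error message, if the GeoIP database could not be renewed
    msg=$(printf "${cfg[messagefail]}" "${version}")
    send_notify "${cfg[recipient]}" "${cfg[subject]} ERROR" "${msg}"
elif [ "${new}" -eq 1 ]; then
    # Send notification message, if a new GeoIP database was installed
    msg=$(printf "${cfg[messageok]}" "${version}")
    send_notify "${cfg[recipient]}" "${cfg[subject]} OK" "${msg}"
fi

# Finish the script
exit "${ecode}"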

# vim: syntax=bash ts=2 sw=2 sts=2 sr noet
# EOF

Nun erstellen wir uns noch einen Cronjob, damit die GeoIP Datenbank Datei automatisch aktualisiert wird.

root:~# crontab -e
....
# date: 2023-02-16 23:25 - description: Download latest GeoIP database file.
# Runs daily at 01:20 from root's crontab. stdout and stderr are discarded,
# so the mail sent by the script itself is the only failure signal.
# Keep /usr/local/sbin/get_geoipdb.sh owned by root and not writable by other
# users, since cron executes it with root privileges.
20 1 * * * /usr/local/sbin/get_geoipdb.sh >/dev/null 2>&1
#
...