On 08/12/2020 22:55, the...@sys-concept.com wrote:
What are my options for apache blocking access based on country?
So far I ran into something "geoip" or ACL (long list of IPs provided by e.g.:)
https://www.ip2location.com/free/visitor-blocker

With geoip I think I will need to install some module for apache (apache 2.2).
It is using geoip.dat so it must be a long list of as well. But they are not
offering any free version.
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
(doesn't work)

If you don't need to provide information in the browser to blocked users, you could look at net-firewall/xtables-addons with XTABLES_ADDONS="geoip". This will allow you to block access to apache at the network level.

I use this as the first step to limit ssh access to one of my servers:
`iptables -A INPUT -p tcp -m tcp --dport 22 -m geoip ! --src-cc GB -m comment --comment "Drop SSH from outside GB" -j DROP`

This has the advantage that apache doesn't need to process the request, but a possible downside that you won't be able to display a message if that's a requirement.

Steve
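
An added example, not part of the original message: a dry-run generator that applies the same xtables-addons geoip match to the web ports instead of SSH. Assumptions: apache listens on 80 and 443, the country codes shown are constructed placeholders, and the 15-code limit per rule is XT_GEOIP_MAX as defined in xtables-addons' xt_geoip.h.

```shell
#!/bin/sh
# Added example: prints iptables commands for review, it does not apply them.
# Assumption: one geoip match accepts at most 15 country codes (XT_GEOIP_MAX),
# so a longer blocklist has to be split over several rules.
MAX_CC=15

# emit_rule PORTS CSV -> print one DROP rule for a comma-separated country list
emit_rule() {
    printf 'iptables -A INPUT -p tcp -m multiport --dports %s -m geoip --src-cc %s -j DROP\n' "$1" "$2"
}

# geoip_drop_rules PORTS CC... -> print the rules, or fail before printing any
geoip_drop_rules() {
    ports=$1; shift
    codes=
    for cc in "$@"; do
        cc=$(printf '%s' "$cc" | tr 'a-z' 'A-Z')
        case $cc in
            [A-Z][A-Z]) codes="$codes $cc" ;;   # two-letter country code shape
            *) echo "invalid country code: $cc" >&2; return 1 ;;
        esac
    done
    [ -n "$codes" ] || { echo "no country codes given" >&2; return 1; }
    csv= n=0
    for cc in $codes; do
        csv="${csv:+$csv,}$cc"
        n=$((n + 1))
        if [ "$n" -eq "$MAX_CC" ]; then
            emit_rule "$ports" "$csv"
            csv= n=0
        fi
    done
    if [ -n "$csv" ]; then emit_rule "$ports" "$csv"; fi
    return 0
}

# Splitting is only valid for this blocklist form. An allow-list written with
# "! --src-cc" must fit in a single rule: two negated rules holding different
# chunks would between them drop every source.
geoip_drop_rules 80,443 xa xb   # constructed placeholder codes
```

Review the printed rules before loading them, and keep an existing management path open in case the country list is wrong.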


