On 12/8/20 4:44 PM, Steve Wilson wrote:
I use this as the first step to limit ssh access to one of my servers: `iptables -A INPUT -p tcp -m tcp --dport 22 -m geoip ! --src-cc GB -m comment --comment "Drop SSH from outside GB" -j DROP`
Has the geoip match extension been updated to take into account MaxMind discontinuing their GeoLite database and the need to support GeoLite2?
This has the advantage that apache doesn't need to process the request, but a possible downside that you won't be able to display a message if that's a requirement.
You could probably DNAT / REDIRECT to an alternate port that is a different virtual host that serves up a 403 page.
-- Grant. . . . unix || die
