Blocking country using apaches new Require directives

Question

Blocking country using apaches new Require directives

cjhmdm opened this issue 8 years ago · 3 comments

So far I have yet to be able to find a way to get mod_maxminddb working with the new apache Require directives that are replacing the allow/deny directives; is this something that's currently not possible?

Answer 1 · 2018-12-10T14:18:11.000Z

Ugh spent all night figuring this out.

Apache <If> directive along with grabbing the country code via reqenv. Remember <If> must be nested inside of a Directory or VirtualHost.

See here: https://httpd.apache.org/docs/2.4/expr.html#page-header

The below code would block anyone from France.

<Directory /var/www>
  MaxMindDBEnable On
  MaxMindDBFile COUNTRY_DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
  MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code
  <If "reqenv('MM_COUNTRY_CODE') == 'FR'">
      Require all denied
  </If>
  Options Indexes FollowSymLinks
  AllowOverride None
  Require all granted
</Directory>

Answer 2 · 2018-12-10T14:21:15.000Z

This code should install everything too, assuming you already have Apache 2.4 set up.

apt-get update && apt-get install software-properties-common build-essential wget -y
add-apt-repository ppa:maxmind/ppa
apt-get update && apt-get install gcc libmaxminddb0 libmaxminddb-dev mmdb-bin -y
wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
tar -xvf GeoLite2-Country*
mkdir /usr/local/share/GeoIP
mv GeoLite2-Country*/GeoLite2-Country.mmdb /usr/local/share/GeoIP

wget https://github.com/maxmind/mod_maxminddb/releases/download/1.1.0/mod_maxminddb-1.1.0.tar.gz
tar -xvf mod_maxminddb-1.1.0.tar.gz
cd mod_maxminddb-1.1.0
./configure
make install

Answer 3 · 2019-08-23T21:08:43.000Z

Given that this seems answered, I am going to close this issue.