maxmind/mod_maxminddb

Whitelist is being ignored

p1r473 opened this issue · 1 comments

Hi all! Thanks for taking a look at my issue.

I am in Canada, and wish to either whitelist my site on CA|US or blacklist my site on CN|RU|KP|IQ|IR|SY (and any others you might recommend).

My GeoIPUpdate license is working:

```
root@TinkerBoardS:~ # geoipupdate -v
Using config file /usr/local/etc/GeoIP.conf
Using database directory /usr/local/share/GeoIP
Performing get filename request to https://updates.maxmind.com/app/update_getfilename?product_id=GeoLite2-ASN
Acquired lock file lock (/usr/local/share/GeoIP/.geoipupdate.lock)
Calculated MD5 sum for /usr/local/share/GeoIP/GeoLite2-ASN.mmdb: d3f7566ad5ec09c3a22ca702b307fa20
Performing update request to https://updates.maxmind.com/geoip/databases/GeoLite2-ASN/update?db_md5=d3f7566ad5ec09c3a22ca702b307fa20
No new updates available for GeoLite2-ASN
Performing get filename request to https://updates.maxmind.com/app/update_getfilename?product_id=GeoLite2-City
Acquired lock file lock (/usr/local/share/GeoIP/.geoipupdate.lock)
Calculated MD5 sum for /usr/local/share/GeoIP/GeoLite2-City.mmdb: dec21cf79f69531e0faba0a2dc5433af
Performing update request to https://updates.maxmind.com/geoip/databases/GeoLite2-City/update?db_md5=dec21cf79f69531e0faba0a2dc5433af
No new updates available for GeoLite2-City
Performing get filename request to https://updates.maxmind.com/app/update_getfilename?product_id=GeoLite2-Country
Acquired lock file lock (/usr/local/share/GeoIP/.geoipupdate.lock)
Calculated MD5 sum for /usr/local/share/GeoIP/GeoLite2-Country.mmdb: e3b78fe3d3bce40d2ad106015c22c335
Performing update request to https://updates.maxmind.com/geoip/databases/GeoLite2-Country/update?db_md5=e3b78fe3d3bce40d2ad106015c22c335
No new updates available for GeoLite2-Country
```

I have done all the maxmind stuff directly in
so I won't show 000-default-le-ssl.conf 000-default.conf default-ssl.conf unless requested

I have already run a2enmod maxminddb.

My /etc/apache2/mods-available/maxminddb.conf:

```
<IfModule mod_maxminddb.c>
	MaxMindDBEnable On
	MaxMindDBFile COUNTRY_DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
	MaxMindDBFile CITY_DB /usr/local/share/GeoIP/GeoLite2-City.mmdb

	MaxMindDBEnv COUNTRY_CODE COUNTRY_DB/country/iso_code
	MaxMindDBEnv REGION_CODE CITY_DB/subdivisions/0/iso_code

	#MaxMindDBEnv MM_COUNTRY_NAME CITY_DB/country/names/en
	#MaxMindDBEnv MM_CITY_NAME CITY_DB/city/names/en
	#MaxMindDBEnv MM_LONGITUDE CITY_DB/location/longitude
	#MaxMindDBEnv MM_LATITUDE CITY_DB/location/latitude
</IfModule>
```

File system:

```
root@TinkerBoardS:/var/www # tree
.
├── apache
│   ├── calendar
│   │   ├── DavLock
│   │   └── index.html
│   └── public
│       ├── index.html
│       ├── index.php
│       └── itworks.txt
├── cgi-bin
└── html
    LOTS OF STUFF HERE SO JUST HIDING SOME
    ├── index.html
    ├── index.lighttpd.orig
    └── pihole
        ├── blockingpage.css
        └── index.php
```

The important stuff out of my /etc/apache2/apache2.conf:

```
# Include module configuration:
IncludeOptional mods-enabled/*.load
IncludeOptional mods-enabled/*.conf

# Include list of ports to listen on
Include ports.conf

# FollowSymLinks is less restrictive than SymLinksIfOwnerMatch - the file owner has to match
<Directory />
	Options SymLinksIfOwnerMatch
	AllowOverride None
	Require all denied
</Directory>

<Directory /usr/share>
	AllowOverride None
	Require all granted
</Directory>

#Options Indexes provides directory listing
<Directory /var/www/>
        Options Indexes SymLinksIfOwnerMatch
        AllowOverride None
        Require all granted
	<IfModule mod_maxminddb.c>
		MaxMindDBEnable On
		MaxMindDBFile DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
		MaxMindDBEnv MM_COUNTRY_CODE DB/country/iso_code
		#SetEnvIf MM_COUNTRY_CODE ^(CN|RU|KP|IQ|IR|SY) BlockCountry
		#Deny from env=BlockCountry
		SetEnvIf MM_COUNTRY_CODE ^(CA|US) AllowCountry
		Allow from env=AllowCountry
	</IfModule>
</Directory>

<Directory /var/www/apache/public>
        Options Indexes SymLinksIfOwnerMatch
        AllowOverride None
        Require all granted
</Directory>

<Directory /var/www/apache/public/calendar/>
        Options Indexes SymLinksIfOwnerMatch
        AllowOverride none
	<RequireAny>
	   	Require ip 127.0.0
		Require ip 192.168
	</RequireAny>
</Directory>

#<Directory /srv/>
#	Options Indexes SymLinksIfOwnerMatch
#	AllowOverride None
#	Require all granted
#</Directory>

ServerName localhost

# AccessFileName: The name of the file to look for in each directory
# for additional configuration directives.  See also the AllowOverride
# directive.
#
AccessFileName .htaccess

#
# The following lines prevent .htaccess and .htpasswd files from being
# viewed by Web clients.
#
<FilesMatch "^\.ht">
	Require all denied
</FilesMatch>
```

The results:
image
image

It seems the whitelist is ignored.

Here were my installation steps:

```
wget -O /home/linaro/geoipupdate_4.3.0_linux_armv6.tar.gz https://github.com/maxmind/geoipupdate/releases/download/v4.3.0/geoipupdate_4.3.0_linux_armv6.tar.gz
tar -xvzf /home/linaro/geoipupdate_4.3.0_linux_armv6.tar.gz -C /home/linaro/
cp /home/linaro/geoipupdate_4.3.0_linux_armv6/geoipupdate /usr/local/bin

wget -O /home/linaro/mod_maxminddb-1.2.0.tar.gz https://github.com/maxmind/mod_maxminddb/releases/download/1.2.0/mod_maxminddb-1.2.0.tar.gz
tar -xvzf /home/linaro/mod_maxminddb-1.2.0.tar.gz -C /home/linaro/
cd /home/linaro/mod_maxminddb-1.2.0/
./configure
make install

wget -O /home/linaro/libmaxminddb-1.4.2.tar.gz https://github.com/maxmind/libmaxminddb/releases/download/1.4.2/libmaxminddb-1.4.2.tar.gz
tar -xvzf /home/linaro/libmaxminddb-1.4.2.tar.gz -C /home/linaro/
cd /home/linaro/libmaxminddb-1.4.2
./configure
make
make check
make install
sh -c "echo /usr/local/lib  >> /etc/ld.so.conf.d/local.conf"
ldconfig
```
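
Added example, not part of the original issue and not the mod_maxminddb project's own configuration: the posted `<Directory /var/www/>` block pairs `Require all granted` with a lone `Allow from env=`, so nothing in it ever denies a request. The sketch below expresses the same allowlist with Apache 2.4 `Require env`, assuming the reporter's paths and variable names; the LAN and loopback ranges are copied from the calendar block on the assumption that private addresses have no country record.

```apache
# Added example (assumes Apache 2.4 with mod_authz_core, mod_setenvif and
# mod_maxminddb loaded). Paths and variable names are the ones in the issue.

<Directory /var/www/>
    Options Indexes SymLinksIfOwnerMatch
    AllowOverride None

    <IfModule mod_maxminddb.c>
        MaxMindDBEnable On
        MaxMindDBFile DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
        MaxMindDBEnv MM_COUNTRY_CODE DB/country/iso_code
        # Anchored at both ends so only the exact two-letter codes match.
        SetEnvIf MM_COUNTRY_CODE ^(CA|US)$ AllowCountry
    </IfModule>

    # Allowlist: "Require all granted" is gone. A request is authorized only
    # if AllowCountry was set or it comes from loopback/LAN. These lines sit
    # outside <IfModule>, so a missing module or database fails closed.
    <RequireAny>
        Require env AllowCountry
        Require ip 127.0.0
        Require ip 192.168
    </RequireAny>

    # Denylist alternative (use instead of the <RequireAny> block above,
    # together with the issue's commented-out BlockCountry SetEnvIf line):
    # <RequireAll>
    #     Require all granted
    #     Require not env BlockCountry
    # </RequireAll>
</Directory>

<Directory /var/www/apache/public>
    Options Indexes SymLinksIfOwnerMatch
    AllowOverride None
    # No "Require all granted" here: with the default "AuthMerging Off",
    # a Require in a nested section replaces the inherited allowlist and
    # would reopen this subtree to every country.
</Directory>
```

After `apachectl configtest` and a reload, a request from outside the allowlist should receive a 403, with the decision recorded in the error log by `authz_core`.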