Filtering web-traffic to specific Countries

Filtering-web-traffic-to-specific-Countries

There are numerous tools and methods to manage traffic to web servers, and here we are going to review the steps to block/allow Apache web traffic based on origin country. You can redirect or block web traffic of your client using the GeoIP module. This would be helpful in Fraud Detection, Target Content, Spam Fighting, etc.

Installing  GeoIP

GeoIP is a library that enables the user on finding the accessing IP-address’s origination.  On day-to-day server management, requirements and purposes may vary and one may need to block traffic from certain countries reaching your Apache webserver.  Here we are going to use the GeoIP module with apache in achieving the same. Installing GeoIP Library, GeoIP database, Apache GeoIP module, and the GeoIP update script.

# yum install epel-release

# yum install GeoIP GeoIP-GeoLite-data geoipupdate mod_geoip

To verify the above installaton, you can test with ‘geoiplookup’ command and it is also important to keep the GeoIP database updated and can be achieved by ‘geoipupdate’ command.  However, a cron to run ‘geoipupdate’ can be created with your frequency.

Updating Apache configuration to enable GeoIP:

Module mod_geoip handles the services in apache web server and the generic configuration file is located at /etc/httpd/conf.d/geoip.conf. 

Edit the geoip.conf file to enable GeoIP, specify the DB path and enable GeoIPScanProxy Headers.

# cat /etc/httpd/conf.d/geoip.conf

<IfModule mod_geoip.c>

GeoIPEnable On

GeoIPDBFile /usr/share/GeoIP/GeoIP.dat

GeoIPScanProxyHeaders On

</IfModule>

#

Blocking Country:

To block countries from accessing your webserver add Deny rules in /etc/httpd/conf.d/geoip.conf . 

Example 

# cat /etc/httpd/conf.d/geoip.conf

<IfModule mod_geoip.c>

GeoIPEnable On

GeoIPDBFile /usr/share/GeoIP/GeoIP.dat

<Directory />

SetEnvIf GEOIP_COUNTRY_CODE AN BlockCountry

SetEnvIf GEOIP_COUNTRY_CODE BL BlockCountry

# add any number of countries here based on your requirement

# you can refer to the country codes in GeoIP website.

Deny from env=BlockCountry

</Directory>

</IfModule>

#

Note: Restart apache server for any changes done to take effect.

GeoIP Country Codes

Quick Reference country codes (Mod GeoIP)

/etc/httpd/conf.d/geoip.conf

Example Usage as mentioned earlier

 SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry

Hope this helped you to redirect or block web traffic of your client using the GeoIP module. If you find any difficulty in blocking/allowing Apache web traffic we can help you.

You can check our previous blog: Remove error_log files on a cPanel server

Follow us for more updates on Facebook, Twitter

Subscribe to get free blog content to your Inbox