January 15, 2025
Linux

Setup GeoIP Block using Apache 2023

AmritMattiby AmritMatti
ubuntu

Apache installed and configured.

Install GeoIP Module

Install the GeoIP module for Apache using the following command.

sudo apt install libapache2-mod-geoip

This command will install the required module for Apache.

Enable GeoIP

There are 2 methods to enable GeoIP. If you wish to enable GeoIP server wide you can follow the method 1. This method will have some performance issues.

You can also enable GeoIP from your virtual host configuration.

Method 1 – Server Wide Configuration

Once the module is installed edit the module configuration and make changes as listed below.

Edit the file module configuration file.

sudo nano /etc/apache2/mods-available/geoip.conf
  • Set the line GeoIPEnable from Off to On.
  • Uncomment the GeoIPDBFile line.

Your final file should look like below.

<IfModule mod_geoip.c>
  GeoIPEnable On
  GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
</IfModule>

Save and exit the file.

Enable module.

sudo a2enmod geoip

Method 2 – Virtual Host Configuration

As you have the module installed you should have the GeoIP database installed. So you can just edit your virtual host configuration and make the following changes.

Edit your virtual host configuration.

sudo nano /etc/apache2/sites-available/virtualhost.conf

Add the following below the ServerAlias directive.

GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
GeoIPScanProxyHeaders On

Save and exit the file.

Restart Apache

Check if the configuration is correct and restart Apache.

sudo apachectl configtest
sudo service apache2 restart

Now you have GeoIP enabled.

Manage Restrictions

Block Certain Countries

Create or open the .htaccess file which is inside your web root directory and add the following snippet to block countries.

SetEnvIf GEOIP_COUNTRY_CODE UA BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE VN BlockCountry
Deny from env=BlockCountry

The above configuration will block requests from the above 2 countries. You can include as per your wish.

Also, read How to install letsencrypt for reverse proxy in Ubuntu.

Allow Certain Countries

Create or open the .htaccess file which is inside your web root directory and add the following snippet to allow countries.

SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE CA AllowCountry
Deny from all

Allow from env=AllowCountry

The above configuration will allow requests only from the above 2 countries. You can include as per your wish.

You can find the list of Country codes from the official maxmind database.

AmritMatti

I’m the owner of “DevOpsTechy.online” and been in the industry for almost 5 years. What I’ve noticed particularly about the industry is that it reacts slowly to the rapidly changing world of technology. I’ve done my best to introduce new technology into the community with the hopes that more technology can be utilized to serve our customers. I’m going to educate and at times demonstrate that technology can help businesses innovate and thrive. Throwing in a little bit of fun and entertainment couldn’t hurt right?

AmritMatti

I’m the owner of “DevOpsTechy.online” and been in the industry for almost 5 years. What I’ve noticed particularly about the industry is that it reacts slowly to the rapidly changing world of technology. I’ve done my best to introduce new technology into the community with the hopes that more technology can be utilized to serve our customers. I’m going to educate and at times demonstrate that technology can help businesses innovate and thrive. Throwing in a little bit of fun and entertainment couldn’t hurt right?

View all posts by AmritMatti →

You might also like

MySQL

Setup MySQL Master-Slave Replication 2023

linux

How to Fix NOCHANGE: partition 1 could only be grown by -6190792671 [fudge=2048] issue in Linux.

How to Enable Password Authentication in AWS ec2 Instances

How to Resize EBS Volumes with Linux EC2 Instances in AWS

linux

How to setup bash script to monitor Nginx service in Linux.

Leave a Reply

Your email address will not be published. Required fields are marked *