Setup GeoIP based blocking using Apache on Ubuntu or Debian. The GeoIP module allows the admin to block or redirect traffic based on location.
In this guide you are going to learn how to install GeoIP module and configure it t block specific countries.
Prerequisites
Apache installed and configured. You can check this guide on how to install and configure Apache2.
Install GeoIP Module
Install GeoIP module for Apache using the following command.
sudo apt install libapache2-mod-geoip
This command will install the required module for Apache.
Enable GeoIP
There are 2 methods to enable GeoIP. If you wish to enable GeoIP server wide you can follow the method 1. This method will have some performance issues.
You can also enable GeoIP from your virtual host configuration.
Method 1 – Server Wide Configuration
Once the module is installed edit the module configuration and make changes as listed below.
Edit the file module configuration file.
sudo nano /etc/apache2/mods-available/geoip.conf
- Set the line GeoIPEnable from Off to On.
- Uncomment the GeoIPDBFile line.
Your final file should look like below.
<IfModule mod_geoip.c> GeoIPEnable On GeoIPDBFile /usr/share/GeoIP/GeoIP.dat </IfModule>
Save and exit the file.
Enable module.
sudo a2enmod geoip
Method 2 – Virtual Host Configuration
As you have the module installed you should have the GeoIP database installed. So you can just edit your virtual host configuration and make the following changes.
Edit your virtual host configuration.
sudo nano /etc/apache2/sites-available/virtualhost.conf
Add the following below the ServerAlias directive.
GeoIPEnable On GeoIPDBFile /usr/share/GeoIP/GeoIP.dat GeoIPScanProxyHeaders On
Save and exit the file.
Restart Apache
Check if the configuration is correct and restart Apache.
sudo apachectl configtest sudo service apache2 restart
Now you have GeoIP enabled.
Manage Restrictions
Block Certain Countries
Create or open the .htaccess file which is inside your web root directory and add the following snippet to block countries.
SetEnvIf GEOIP_COUNTRY_CODE UA BlockCountry SetEnvIf GEOIP_COUNTRY_CODE VN BlockCountry Deny from env=BlockCountry
The above configuration will block requests from the above 2 countries. You can include as per your wish.
Allow Certain Countries
Create or open the .htaccess file which is inside your web root directory and add the following snippet to allow countries.
SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry SetEnvIf GEOIP_COUNTRY_CODE CA AllowCountry Deny from all Allow from env=AllowCountry
The above configuration will allow requests only from the above 2 countries. You can include as per your wish.
You can find the list of Country codes from the official maxmind database.
Conclusion
Now you have learned how to configure GeoIP based restrictions with Apache on your Ubuntu or Debian servers.
Thanks for your time. If you face any problem or any feedback, please leave a comment below.
Hi,
The country configuration only work under .htacess?
I would like to use geoip with reverse proxy, but ther isn’t html directory.
How can I configure it in this case?
GeoIP databases are unmaintained since March 2019 and will be retired next year, you should be using GeoIP2 instead: