AWS Google Cloud Linux

How to Setup GeoIP Block using Apache

Setup GeoIP based blocking using Apache on Ubuntu or Debian. The GeoIP module allows the admin to block or redirect traffic based on location.

In this guide you are going to learn how to install GeoIP module and configure it t block specific countries.

Best Hosting for your Business

PlatformReviewsPricing
Cloudways★★★★★$10
Kinsta – Google Cloud★★★★★$30

Prerequisites

Apache installed and configured. You can check this guide on how to install and configure Apache2.

Install GeoIP Module

Install GeoIP module for Apache using the following command.

sudo apt install libapache2-mod-geoip

This command will install the required module for Apache.

Enable GeoIP

There are 2 methods to enable GeoIP. If you wish to enable GeoIP server wide you can follow the method 1. This method will have some performance issues.

You can also enable GeoIP from your virtual host configuration.

Method 1 – Server Wide Configuration

Once the module is installed edit the module configuration and make changes as listed below.

Edit the file module configuration file.

sudo nano /etc/apache2/mods-available/geoip.conf
  • Set the line GeoIPEnable from Off to On.
  • Uncomment the GeoIPDBFile line.

Your final file should look like below.

<IfModule mod_geoip.c>
  GeoIPEnable On
  GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
</IfModule>

Save and exit the file.

Enable module.

sudo a2enmod geoip

Method 2 – Virtual Host Configuration

As you have the module installed you should have the GeoIP database installed. So you can just edit your virtual host configuration and make the following changes.

Edit your virtual host configuration.

sudo nano /etc/apache2/sites-available/virtualhost.conf

Add the following below the ServerAlias directive.

GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
GeoIPScanProxyHeaders On

Save and exit the file.

Restart Apache

Check if the configuration is correct and restart Apache.

sudo apachectl configtest
sudo service apache2 restart

Now you have GeoIP enabled.

Manage Restrictions

Block Certain Countries

Create or open the .htaccess file which is inside your web root directory and add the following snippet to block countries.

SetEnvIf GEOIP_COUNTRY_CODE UA BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE VN BlockCountry
Deny from env=BlockCountry

The above configuration will block requests from the above 2 countries. You can include as per your wish.

Allow Certain Countries

Create or open the .htaccess file which is inside your web root directory and add the following snippet to allow countries.

SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE CA AllowCountry
Deny from all

Allow from env=AllowCountry

The above configuration will allow requests only from the above 2 countries. You can include as per your wish.

You can find the list of Country codes from the official maxmind database.

Conclusion

Now you have learned how to configure GeoIP based restrictions with Apache on your Ubuntu or Debian servers.

Thanks for your time. If you face any problem or any feedback, please leave a comment below.

Cloudbooklet builds a large collection of Linux based guides and tutorials on Cloud platforms like Google Cloud, AWS, Azure, DigitalOcean and more

1 Comment

  1. GeoIP databases are unmaintained since March 2019 and will be retired next year, you should be using GeoIP2 instead:

Write A Comment

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.