GeoIP

From KlavoWiki
Jump to navigationJump to search

This configuration is to on enable GeoIP and only allow certain countries to access a specific web site. This works with IPv4 and IPv6 addresses.

Install Debian Applications

apt install libnginx-mod-http-geoip2 libmaxminddb0 libmaxminddb-dev mmdb-bin

Go to https://www.maxmind.com, create a free account. Under Account, Manage license keys. Generate a new license key.

Config GeoIP

vi /etc/GeoIP.conf
AccountID 1234567
LicenseKey rt09gu45gp;c4rovcj4rt0goi.....

EditionIDs GeoLite2-Country GeoLite2-City


Configure nginx

vi /etc/nginx/nginx.conf
        # Load the GeoIP2 database
        geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {
            auto_reload 5m;
            $geoip2_data_country_code country iso_code;
       }

       # Define the whitelist
       map $geoip2_data_country_code $allowed_country {
           default no;
           AU yes;
           NZ yes;
       }

Configure Web Site

vi /etc/nginx/sites-available/sitename
server {
    listen 192.168.1.1:443 ssl;
    http2 on;

    server_name my.web.site;

    # BLOCK UNAUTHORIZED COUNTRIES
    if ($allowed_country = no) {
        return 403;
    }

.
.
.

Verify

geoipupdate -v
mmdblookup --file /var/lib/GeoIP/GeoLite2-Country.mmdb --ip 1.1.1.1 registered_country iso_code
Retrieved from "https://klaverstyn.com.au/david/wiki/index.php?title=GeoIP&oldid=2689"