All HowTo's Cyber-Security Linux Redhat, Fedora and CentOS Linux Ubuntu, Mint & Debian Linux Web Servers

GeoBlocking with Apache on CentOS and Ubuntu

This article describes how to protect your Apache web server by restricting which countries can access it. We’re using Apache on CentOS 7 but Ubuntu instructions are included and are very similar. I’ve given two examples; one on whitelisting everything except what we want to block, and blacklisting everything except what we want to allow:

CentOS method:

Install the module:

yum install mod_geoip

Block everything except what we want to allow:

<Location "/">
SetEnvIf GEOIP_COUNTRY_CODE AU AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE NZ AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry
Deny from all
Allow from env=AllowCountry
</Location>

Allow everything except what we want to block:

<Location "/">
SetEnvIf GEOIP_COUNTRY_CODE AS BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE US BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE EU BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry
Deny from env=BlockCountry
Allow from all
</Location>

Restart Apache:

systemctl restart httpd

Ubuntu method:

The only difference to the above when using Ubuntu (rather than CentOS) is the following:

Install the package/module:

apt install libapache2-mod-geoip

Then add the following above the Location tags:

<IfModule mod_geoip.c>
  GeoIPEnable On
  GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
</IfModule>

You can now restart Apache and do some testing.

Leave a Reply

Your email address will not be published. Required fields are marked *