This article describes how to protect your Apache web server by restricting which countries can access it. We’re using Apache on CentOS 7 but Ubuntu instructions are included and are very similar. I’ve given two examples; one on whitelisting everything except what we want to block, and blacklisting everything except what we want to allow:
CentOS method:
Install the module:
yum install mod_geoip
Block everything except what we want to allow:
<Location "/"> SetEnvIf GEOIP_COUNTRY_CODE AU AllowCountry SetEnvIf GEOIP_COUNTRY_CODE NZ AllowCountry SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry Deny from all Allow from env=AllowCountry </Location>
Allow everything except what we want to block:
<Location "/"> SetEnvIf GEOIP_COUNTRY_CODE AS BlockCountry SetEnvIf GEOIP_COUNTRY_CODE US BlockCountry SetEnvIf GEOIP_COUNTRY_CODE EU BlockCountry SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry Deny from env=BlockCountry Allow from all </Location>
Restart Apache:
systemctl restart httpd
Ubuntu method:
The only difference to the above when using Ubuntu (rather than CentOS) is the following:
Install the package/module:
apt install libapache2-mod-geoip
Then add the following above the Location tags:
<IfModule mod_geoip.c> GeoIPEnable On GeoIPDBFile /usr/share/GeoIP/GeoIP.dat </IfModule>
You can now restart Apache and do some testing.