What is Mod_GeoIP
The mod_geoip2 module embeds GeoIP database lookups into the Apache web server. It is only capable of looking up the IP of a client that connects to the web server, as opposed to looking up arbitrary addresses.
Mod_GeoIP has two different version one is Free and another one is Paid and uses MaxMind GeoIP / GeoCity databases.
Free Version : In Free version the Geo City and Country databases are availble with 99.5% accuracy.
Paid Version : In Paid version you will get both databases with 99.8% accuracy with some more advanaced details about IP address.
If you like to check out the more differences betweetn Free and Paid version, please visit the Maxmind.com.
1. Enable EPEL Repository in RHEL/CentOS 6/5
RHEL/CentOS 6
[root@centos ~]# wget http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-7.noarch.rpm
[root@centos ~]# rpm -Uvh epel-release-6-7.noarch.rpm
Preparing… ########################################### [100%]
1:epel-release ########################################### [100%]
RHEL/CentOS 5
[root@centos ~]# wget http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
[root@centos ~]# rpm -Uvh epel-release-5-4.noarch.rpm
Preparing… ########################################### [100%]
1:epel-release ########################################### [100%]
2. Install Mod_GeoIP in RHEL/CentOS 6/5
Once you’ve EPEL repository enabled on your system, you can simple install it by running following command with their dependency packages.
[root@centos ~]# yum install mod_geoip GeoIP GeoIP-devel GeoIP-data zlib-devel
Download latest Geo City and Country Database
It’s good idea to download latest Geo City and Country Database to stay updated.
[root@centos ~]# cd /usr/share/GeoIP/
[root@centos ~]# mv GeoIP.dat GeoIP.dat_org
[root@centos ~]# wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
[root@centos ~]# gunzip GeoIP.dat.gz
Enable Mod_GeoIP in Apache
To enable mod_geoip module you need to open the /etc/httpd/conf/httpd.conf configuration file.
[root@centos ~]# vi /etc/httpd/conf/httpd.conf
And add the following lines of code it at the bottom.
<IfModule mod_geoip.c>
GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
</IfModule>
Restart the Apache service to reflect changes.
[root@centos ~]# /etc/init.d/httpd restart
OR
[root@centos ~]# service httpd restart
3. Testing Mod_GeoIP Module
To test the mod_geoip module is working correctly with Apache, we need to creat a PHP file called testgeoip.php under Apache root directory (e.g. /var/www/html).
[root@centos ~]# vi /var/www/html/testgeoip.php
Insert the following piece of php code to it.
<html>
<head>
<title>What is my IP address and Country</title>
</head>
<body>
<?
if (getenv(HTTP_X_FORWARDED_FOR)) {
$pipaddress = getenv(HTTP_X_FORWARDED_FOR);
$ipaddress = getenv(REMOTE_ADDR);
echo “Your Proxy IP address is : “.$pipaddress. ” (via $ipaddress) ” ;
} else {
$ipaddress = getenv(REMOTE_ADDR);
echo “My IP address is : $ipaddress”;
}
$country = getenv(GEOIP_COUNTRY_NAME);
echo “<br />My Country : $country”;
?>
</body>
</html>
Now, try to call the file using web browser (e.g. http://generallinux.com/testgeoip.php). You will get your IP address and Country details.
4. Updating GeoIP Database
GeoIP database is updated beginning of every month. So, its is very important to keep GeoIP database up-to-date. To download latest version of database use the following command.
[root@centos ~]# cd /usr/share/GeoIP/
[root@centos ~]# mv GeoIP.dat GeoIP.dat_org
[root@centos ~]# wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
[root@centos ~]# gunzip GeoIP.dat.gz
5. Automatic GeoIP Database Update
We have written a smaill shell script that will automatically download the latest version of GeoIP database every month. Just place the any of the following script under /etc/cron.monthly.
Script 1
# Automatic GeoIP Database Update from www.generallinux.com
#!/bin/sh
cd /usr/share/GeoIP
mv GeoIP.dat GeoIP.dat_org
wget -q http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gzip -d -f GeoIP.dat.gz
Script 2
#!/bin/sh
GEOIP_MIRROR=”http://geolite.maxmind.com/download/geoip/database”
GEOIPDIR=/usr/share/GeoIP
TMPDIR=
DATABASES=”GeoLiteCity GeoLiteCountry/GeoIP asnum/GeoIPASNum GeoIPv6″
if [ -d "${GEOIPDIR}" ]; then
cd $GEOIPDIR
if [ -n "${DATABASES}" ]; then
TMPDIR=$(mktemp -d geoipupdate.XXXXXXXXXX)
echo “Updating GeoIP databases…”
for db in $DATABASES; do
fname=$(basename $db)
wget –no-verbose -t 3 -T 60 “${GEOIP_MIRROR}/${db}.dat.gz” -O “${TMPDIR}/${fname}.dat.gz”
gunzip -fdc “${TMPDIR}/${fname}.dat.gz” > “${TMPDIR}/${fname}.dat”
mv “${TMPDIR}/${fname}.dat” “${GEOIPDIR}/${fname}.dat”
chmod 0644 “${GEOIPDIR}/${fname}.dat”
done
[ -d "${TMPDIR}" ] && rm -rf $TMPDIR
fi
fi
5. Redirecting Users based on Country
The below example code will redirect users based on the country code that we set to AS (Asia). This way you can redirect any users based on their county code.
GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
# Redirect one country
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^AS$
RewriteRule ^(.*)$ http://www.generallinux.com$1 [R,L]
6. Blocking Users based on Country
This example will block users based on the country code that GeoIP sets. Below example will block users from AS (Asia) and US (United States) countries.
GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
SetEnvIf GEOIP_COUNTRY_CODE AS BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE US BlockCountry
# … place more countries here
Deny from env=BlockCountry
7. Allowing Users based on Country
This below example will only allow users from below mentioned countries.
GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
SetEnvIf GEOIP_COUNTRY_CODE AS AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry
# … place more countries here
Deny from all
Allow from env=AllowCountry
For more information about mod_geoip and its usage can be found at http://www.maxmind.com/app/mod_geoip. If you’re having any trouble in setting up mod_geoip module, please let us know via comments and please don’t forget to share it with your friends
0 comments:
Post a Comment