Blocking users from certain countries

Using the GeoIP module, which allows you to redirect or block web traffic according to geographic location.

EPEL repository in RHEL and CentOS*

By default for Apache/2.4.6 mod_geoip is not available in the official RHEL / CentOS repository, so we need to install a third-party EPEL repository.

yum install epel-release  

Mod_GeoIP in RHEL and CentOS

Once the EPEL repository is enabled on your system, you can simply install mod_geoip by running the following command with its dependency packages:

yum install mod_geoip GeoIP GeoIP-devel GeoIP-data zlib-devel  

To download the latest Geo City and Country Database, run the commands:

cd /usr/share/GeoIP/  
mv GeoIP.dat GeoIP.dat_org  
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz  
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz  
gunzip GeoIP.dat.gz  
gunzip GeoLiteCity.dat.gz  

Include Mod_GeoIP in Apache

Once the module is installed, open and edit the main module configuration file with a text editor and activate the module:

nano /etc/httpd/conf.d/geoip.conf  

Set the GeoIPEnable line from Off to On. Also make sure you add an absolute path to the GeoIP database file.

<IfModule mod_geoip.c>  
GeoIPEnable On  
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat  
</IfModule>  

Restart the Apache service.

systemctl restart httpd  

Routing users based on country

In the example above, the code will redirect users based on the country we set as AS (Asia).

So you can redirect all users based on their country code.

GeoIPEnable On  
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat  
# Redirect one country
RewriteEngine on  
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^AS$  
RewriteRule ^(.*)$ https://www.testing.ru$1 [R,L]  

Blocking users based on country

This example will block users based on the country code that GeoIP sets.
An example of blocking users from AS (Asia) and USA (USA).

GeoIPEnable On  
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat  
SetEnvIf GEOIP_COUNTRY_CODE AS BlockCountry  
SetEnvIf GEOIP_COUNTRY_CODE US BlockCountry  
# ... place more countries here
Deny from env=BlockCountry  

Allow user access based on country*

This example will allow users to have access only from the countries listed below.

GeoIPEnable On  
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat  
SetEnvIf GEOIP_COUNTRY_CODE AS AllowCountry  
SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry  
# ... place more countries here
Deny from all  
Allow from env=AllowCountry  

Each request contains a special header GeoIp-Country-Code, which contains the visitor's two-letter country code ISO 3166. The country is determined based on the visitor's IP address according to MaxMind GeoLite.

For example:

• AF - Africa
• AN - Antarctica
• AS - Asia
• EU - Europe
• NA - North America
• OC - Oceania
• SA - South America
• UA - Ukraine
• CN - China
• PL - Poland