To home page

Blocking users from certain countries

Examples of using GeoIp to block users from certain countries

Using the GeoIP module, which allows you to redirect or block web traffic according to geographic location.

EPEL repository in RHEL and CentOS*

By default for Apache/2.4.6 mod_geoip is not available in the official RHEL / CentOS repository, so we need to install a third-party EPEL repository.

yum install epel-release

Mod_GeoIP in RHEL and CentOS

Once the EPEL repository is enabled on your system, you can simply install mod_geoip by running the following command with its dependency packages:

yum install mod_geoip GeoIP GeoIP-devel GeoIP-data zlib-devel

To download the latest Geo City and Country Database, run the commands:

cd /usr/share/GeoIP/
mv GeoIP.dat GeoIP.dat_org
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoIP.dat.gz
gunzip GeoLiteCity.dat.gz

Include Mod_GeoIP in Apache

Once the module is installed, open and edit the main module configuration file with a text editor and activate the module:

nano /etc/httpd/conf.d/geoip.conf

Set the GeoIPEnable line from Off to On. Also make sure you add an absolute path to the GeoIP database file.

<IfModule mod_geoip.c>
GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat 
</IfModule>

file

Restart the Apache service.

systemctl restart httpd

Routing users based on country

In the example above, the code will redirect users based on the country we set as AS (Asia).

So you can redirect all users based on their country code.

GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
# Redirect one country
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^AS$
RewriteRule ^(.*)$ https://www.testing.ru$1 [R,L]

Blocking users based on country

This example will block users based on the country code that GeoIP sets. An example of blocking users from AS (Asia) and USA (USA).

GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
SetEnvIf GEOIP_COUNTRY_CODE AS BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE US BlockCountry
# ... place more countries here
Deny from env=BlockCountry

Allow user access based on country*

This example will allow users to have access only from the countries listed below.

GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat
SetEnvIf GEOIP_COUNTRY_CODE AS AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry
# ... place more countries here
Deny from all
Allow from env=AllowCountry

Each request contains a special header GeoIp-Country-Code, which contains the visitor's two-letter country code ISO 3166. The country is determined based on the visitor's IP address according to MaxMind GeoLite.

For example:

  • AF - Africa
  • AN - Antarctica
  • AS - Asia
  • EU - Europe
  • NA - North America
  • OC - Oceania
  • SA - South America
  • UA - Ukraine
  • CN - China
  • PL - Poland
Updated at:
6/4/2020, 15:15
Previous article
Bitrix
Next article
Cachet
Need help?Our engineers will help you free of charge with any question in minutesContact us