GeoIP module problem

Hi apache heroes,

I have an atypical behavior on my setup.

I installed and enabled the GeoIP module.

I'm using the MaxMind CSV files
(https://dev.maxmind.com/geoip/updating-databases?lang=en#directly-downloading-databases)
to generate a geoip.dat file using the tool geolite2legacy
(https://github.com/sherpya/geolite2legacy) to convert MaxMind
GeoLite2 Database to the old legacy format.

My test client IP address is 90.161.x.x (located in Spain)

This IP is on 2510769 zone ...

#grep "90.160.0.0/12" GeoLite2-Country-Blocks-IPv4.csv
90.160.0.0/12,2510769,2510769,,0,0

And the zone 2510769 is in my country, Spain ...

# grep 2510769 GeoLite2-Country-Locations-en
GeoLite2-Country-Locations-en.csv:2510769,en,EU,Europe,ES,Spain,1

Well, so far everything is working as expected. The problem starts
when I test with the following setup on my .htaccess file (yes it's a
PrestaShop)...



# ~~start~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again
# .htaccess automaticaly generated by PrestaShop e-commerce open-source solution
# http://www.prestashop.com - http://www.prestashop.com/forums

<IfModule mod_rewrite.c>
<IfModule mod_env.c>
SetEnv HTTP_MOD_REWRITE On
</IfModule>

RewriteEngine on
RewriteCond %{HTTP:Authorization} ^(.*)
RewriteRule . - [E=HTTP_AUTHORIZATION:%1]
RewriteCond %{REQUEST_URI} 4da116c575
RewriteRule .* /ca/

RewriteRule . - [E=REWRITEBASE:/]
RewriteRule ^api$ api/ [L]

RewriteRule ^api/(.*)$ %{ENV:REWRITEBASE}webservice/dispatcher.php?url=$1 [QSA,L]

# Images
RewriteRule ^([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$1$2$3.jpg [L]
RewriteRule ^([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$1$2$3$4.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$1$2$3$4$5.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$1$2$3$4$5$6.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$1$2$3$4$5$6$7.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$1$2$3$4$5$6$7$8.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$1$2$3$4$5$6$7$8$9.jpg [L]
RewriteRule ^([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])([0-9])(\-[_a-zA-Z0-9-]*)?(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/p/$1/$2/$3/$4/$5/$6/$7/$8/$1$2$3$4$5$6$7$8$9$10.jpg [L]
RewriteRule ^c/([0-9]+)(\-[\.*_a-zA-Z0-9-]*)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2$3.jpg [L]
RewriteRule ^c/([a-zA-Z_-]+)(-[0-9]+)?/.+\.jpg$ %{ENV:REWRITEBASE}img/c/$1$2.jpg [L]
# AlphaImageLoader for IE and fancybox
RewriteRule ^images_ie/?([^/]+)\.(jpe?g|png|gif)$ js/jquery/plugins/fancybox/images/$1.$2 [L]

# Dispatcher
RewriteCond %{REQUEST_FILENAME} -s [OR]
RewriteCond %{REQUEST_FILENAME} -l [OR]
RewriteCond %{REQUEST_FILENAME} -d
RewriteRule ^.*$ - [NC,L]
RewriteRule ^.*$ %{ENV:REWRITEBASE}index.php [NC,L]
</IfModule>

AddType application/vnd.ms-fontobject .eot
AddType font/ttf .ttf
AddType font/otf .otf
AddType font/woff2 .woff2
AddType application/x-font-woff .woff
<IfModule mod_headers.c>
       <FilesMatch "\.(ttf|ttc|otf|eot|woff|woff2|svg)$">
               Header set Access-Control-Allow-Origin "*"
       </FilesMatch>
</IfModule>

<IfModule mod_expires.c>
       ExpiresActive On
       ExpiresByType image/gif "access plus 1 month"
       ExpiresByType image/jpeg "access plus 1 month"
       ExpiresByType image/png "access plus 1 month"
       ExpiresByType text/css "access plus 1 week"
       ExpiresByType text/javascript "access plus 1 week"
       ExpiresByType application/javascript "access plus 1 week"
       ExpiresByType application/x-javascript "access plus 1 week"
       ExpiresByType image/x-icon "access plus 1 year"
       ExpiresByType image/svg+xml "access plus 1 year"
       ExpiresByType image/vnd.microsoft.icon "access plus 1 year"
       ExpiresByType application/font-woff "access plus 1 year"
       ExpiresByType application/x-font-woff "access plus 1 year"
       ExpiresByType font/woff2 "access plus 1 year"
       ExpiresByType application/vnd.ms-fontobject "access plus 1 year"
       ExpiresByType font/opentype "access plus 1 year"
       ExpiresByType font/ttf "access plus 1 year"
       ExpiresByType font/otf "access plus 1 year"
       ExpiresByType application/x-font-ttf "access plus 1 year"
       ExpiresByType application/x-font-otf "access plus 1 year"
</IfModule>

<IfModule mod_headers.c>
       Header unset Etag
</IfModule>
FileETag none
<IfModule mod_deflate.c>
       <IfModule mod_filter.c>
               AddOutputFilterByType DEFLATE text/html text/css text/javascript application/javascript application/x-javascript font/ttf application/x-font-ttf font/otf application/x-font-otf font/opentype image/svg+xml
       </IfModule>
</IfModule>

#If rewrite mod isn't enabled
ErrorDocument 404 /index.php?controller=404

# ~~end~~ Do not remove this comment, Prestashop will keep automatically the code outside this comment when .htaccess will be generated again

GeoIPEnable On
SetEnvIf GEOIP_COUNTRY_CODE AD AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE AT AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE BE AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE CH AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE DE AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE DK AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE ES AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE FI AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE FR AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE GB AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE IE AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE IT AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE LU AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE MC AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE NL AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE NO AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE PT AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE SE AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry
Deny from all
Allow from env=AllowCountry






The page loads, but I see this error on the apache error_log ...

[Fri Nov 11 13:23:06.906754 2022] [access_compat:error] [pid 2668535:tid 140474346104576] [client 90.161.x.x:43760] AH01797: client denied by server configuration: /var/www/vhosts/mydomain.tld/httpdocs/index.php
[Fri Nov 11 13:23:07.052376 2022] [access_compat:error] [pid 2668534:tid 140474580969216] [client 90.161.x.x:43776] AH01797: client denied by server configuration: /var/www/vhosts/mydomain.tld/httpdocs/index.php

Because I have activated fail2ban, after a few page loads, the IP is
banned and I can't access my site.

After removing the banned IP from fail2ban, if I remove the GeoIP
part of my .htaccess file, no errors are recorded in error_log and the
page loads correctly.

More strange though, if I replace the previous GeoIP config on the
.htaccess file with the following ...


GeoIPEnable On
SetEnvIf GEOIP_COUNTRY_CODE AF DenyCountry
SetEnvIf GEOIP_COUNTRY_CODE AX DenyCountry
# ... 200 lines ... (all countries except the previous ones: AD, AT, BE, ...)
SetEnvIf GEOIP_COUNTRY_CODE ZM DenyCountry
SetEnvIf GEOIP_COUNTRY_CODE ZW DenyCountry
Deny from env=DenyCountry



No errors logged on apache error_log file and page loads correctly.

And yes, it seems the GeoIP module is working. For example, if I add
"SetEnvIf GEOIP_COUNTRY_CODE ES DenyCountry" to the .htaccess file
with the latest described setup (more than 200 denied countries), my
IP is instantly blocked (no first load) as expected. And these entries
appear in the Apache error_log file (as expected too):

[Fri Nov 11 13:40:33.698490 2022] [access_compat:error] [pid 2668535:tid 140474346104576] [client 90.161.x.x:38306] AH01797: client denied by server configuration: /var/www/vhosts/mydomain.tld/httpdocs/ca
[Fri Nov 11 13:40:33.860555 2022] [access_compat:error] [pid 2668535:tid 140474713110272] [client 90.161.xx.x:38310] AH01797: client denied by server configuration: /var/www/vhosts/mydomain.tld/httpdocs/favicon.ico, referer: https://mydomain.tld/ca/

Any idea what's happening and how to find more information?

Thanks!

-- 
Marc Serra
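
Added example (not part of the original message, and not code from Apache, MaxMind or geolite2legacy): the two grep checks above done as a proper CIDR lookup over the GeoLite2 country CSV files, followed by a model of the two access rules, showing that the allow-list and deny-list variants only disagree when no country code is resolved for the request. The sample rows other than the two ES rows quoted above, the geoname id 9999999, the test addresses and all function names are constructed for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample data in the GeoLite2 country CSV layout. The ES rows are
# the two quoted in the message; the other rows (and id 9999999) are made up.
BLOCKS_CSV = """\
network,geoname_id,registered_country_geoname_id,represented_country_geoname_id,is_anonymous_proxy,is_satellite_provider
90.160.0.0/12,2510769,2510769,,0,0
198.51.100.0/24,,2510769,,0,0
203.0.113.0/24,9999999,9999999,,0,0
"""
LOCATIONS_CSV = """\
geoname_id,locale_code,continent_code,continent_name,country_iso_code,country_name,is_in_european_union
2510769,en,EU,Europe,ES,Spain,1
9999999,en,AF,Africa,ZW,Zimbabwe,0
"""
# Country codes from the AllowCountry lines in the message.
ALLOW = set("AD AT BE CH DE DK ES FI FR GB IE IT LU MC NL NO PT SE US".split())

def load(blocks_text, locations_text):
    """Parse both CSVs into ([(network, geoname_id)], {geoname_id: ISO code})."""
    iso = {r["geoname_id"]: r["country_iso_code"]
           for r in csv.DictReader(io.StringIO(locations_text))}
    blocks = [(ipaddress.ip_network(r["network"]), r["geoname_id"])
              for r in csv.DictReader(io.StringIO(blocks_text))]
    return blocks, iso

def country_code(ip, blocks, iso):
    """Longest-prefix match of ip against the blocks; None if no country."""
    addr = ipaddress.ip_address(ip)
    hits = [(net, gid) for net, gid in blocks if addr in net]
    if not hits:
        return None
    _, gid = max(hits, key=lambda h: h[0].prefixlen)
    return iso.get(gid) or None  # empty geoname_id -> no country code

def decisions(code):
    # allow-list: 'Deny from all' + 'Allow from env=AllowCountry'
    # deny-list (assumed model): 'Deny from env=DenyCountry' for codes outside ALLOW
    allow_list = "allow" if code in ALLOW else "deny"
    deny_list = "deny" if code is not None and code not in ALLOW else "allow"
    return allow_list, deny_list

BLOCKS, ISO = load(BLOCKS_CSV, LOCATIONS_CSV)
for ip in ("90.161.0.1", "203.0.113.7", "198.51.100.7"):  # constructed addresses
    code = country_code(ip, BLOCKS, ISO)
    print(ip, code, *decisions(code))
```

To run it against real data, pass the contents of GeoLite2-Country-Blocks-IPv4.csv and GeoLite2-Country-Locations-en.csv to load() in place of the inline samples.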
