[users@httpd] Applying a universal rewrite

Hi folks,

I've downloaded and installed the free "Lite" version of a very nice little 
tool which will allow me to know the country a connection is coming from; 
I'm going to use it to block users of my website based on country so that I 
can eliminate vast ranges of script kiddies trying to attack my server. (It 
also lets you use the country knowledge for other, more positive 
reasons - check it out at http://www.maxmind.com/)

Once loaded, the module defines an environment variable GEOIP_COUNTRY_CODE 
and then the doco suggested this rule to choose countries to block:

<IfModule mod_geoip.c>
    GeoIPEnable On
    GeoIPDBFile /usr/local/share/GeoIP/GeoIP.dat MemoryCache

    SetEnvIf GEOIP_COUNTRY_CODE ^(AT|BR|CN|DE|EE|ES|FR|HK|IE|IN|IT|JP|KR|MX|MY|NL|NO|PE|PH|RU|SG|TH|TW)$ BlockCountry=1
</IfModule>

That list of country codes is where all my script kiddie traces have come 
from.

Finally, using the BlockCountry env variable, you can do the following in a 
Location block:

    RewriteEngine on
    RewriteCond %{ENV:BlockCountry} =1
    # WARNING goatse is not recommended viewing for ANYONE
    RewriteRule .* http://goatse.ragingfist.net/ [L,R=301]

I inserted this into a Location block and added my own country code (actually 
added --, which is the country code when it can't determine where you are 
from. This happens when you ask for the country of a local IP on a private 
subnet in the 10. or 192.168. range). The rewrite works admirably, so I know 
I have it installed properly and the rewrite rule written correctly.

My problem is, how do I make this rewrite work site-wide without having to 
insert it into every Location block on the server? Rewrites don't appear to 
work outside of Location blocks, and unless I'm doing something wrong, it 
doesn't work in the <Directory /> block either.

PS - not affiliated with MaxMind in any way, but the GeoIP Lite version is 
free and that's a good thing; all I need after this is to figure out how to 
insert it into the SSH access filters too and I'll be one happy part-time 
sysadmin.



---------------------------------------------------------------------
The official User-To-User support forum of the Apache HTTP Server Project.
See <URL:http://httpd.apache.org/userslist.html> for more info.
To unsubscribe, e-mail: users-unsubscribe@xxxxxxxxxxxxxxxx
   "   from the digest: users-digest-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: users-help@xxxxxxxxxxxxxxxx
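
The rules from the message above placed at server scope, as an added example that is not part of the original post. It assumes the site is served from a virtual host (www.example.com and its DocumentRoot are constructed placeholders) and answers blocked requests with 403 via [F] rather than a redirect.

```apache
# Added example, not from the original post.
# Assumes the <IfModule mod_geoip.c> block from the post is already loaded at
# server level, so BlockCountry is set before URL translation runs.

# --- Main server context (outside any <Location>, <Directory> or <VirtualHost>) ---
RewriteEngine On

# Same condition as in the post: BlockCountry is set by the SetEnvIf line.
RewriteCond %{ENV:BlockCountry} =1

# "^" matches every request; "-" means no substitution; [F] returns 403 Forbidden.
RewriteRule ^ - [F]

# --- Virtual hosts do not inherit the main server's rewrite rules by default ---
# Each one needs its own RewriteEngine On, plus RewriteOptions inherit to pull in
# the conditions and rules defined in the main server context above.
<VirtualHost *:80>
    # Constructed placeholder values
    ServerName www.example.com
    DocumentRoot /var/www/example

    RewriteEngine On
    RewriteOptions inherit
</VirtualHost>
```

Rules placed only in the main server context are skipped for requests that land in a virtual host without these two directives, which is one way a server-level rewrite can appear to have no effect.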


