O/S : Centos 7.x
Apache : 2.4.x
maxminddb module requires Apache 2.2 or 2.4 to be installed
mod_maxminddb : https://dev.maxmind.com/geoip/geoip2/downloadable/ –> Apache ( mod_maxminddb)
기존 apache에서 mod_geoip 대신 mod_maxminddb 를 사용하여 access 로그에 국가코드 및 가상호스트에 국가별 접속 설정
1. 사전에 bootstrap을 정상적으로 진행하기 위해서 autoconf automake libtool 설치
libmaxminddb install ( maxminddb 를 설치하기 위해서 사전에 libmaxminddb 를 설치해야 한다 )
|
1 2 3 4 5 6 7 8 9 10 11 12 13 |
[root@localhost ~]# yum -y install autoconf automake libtool [root@xinet src]# git clone --recursive https://github.com/maxmind/libmaxminddb [root@xinet src]# cd libmaxminddb/ [root@xinet libmaxminddb]# ./bootstrap [root@xinet libmaxminddb]# ./configure [root@xinet libmaxminddb]# make [root@xinet libmaxminddb]# make install |
2. environment /usr/local/lib ld config add ( 라이브러리 추가)
|
1 2 3 4 |
[root@xinet libmaxminddb]# vi /etc/ld.so.conf ### add /usr/local/lib |
3. ldconfig / library reconnition ( 라이브러리 인식 )
|
1 |
[root@xinet libmaxminddb]# ldconfig |
4. maxminddb download and install apxs=apache apxs path ( maxminddb 다운로드 및 설치 apache apxs 경로 지정 )
|
1 2 3 4 5 6 7 8 9 10 11 |
[root@xinet libmaxminddb]# cd ../ [root@xinet src]# git clone https://github.com/maxmind/mod_maxminddb.git [root@xinet ~]# cd mod_maxminddb [root@xinet libmaxminddb]# ./bootstrap [root@xinet mod_maxminddb]# ./configure --with-apxs=/usr/local/apache/bin/apxs [root@xinet mod_maxminddb]# make install |
5. apache module maxminddb.so Confim ( 정상적으로 설치되어 있는지 확인 )
|
1 2 |
[root@xinet mod_maxminddb]# ls -l /usr/local/apache/modules/mod_maxminddb.so -rwxr-xr-x 1 root root 56368 2월 3 17:46 /usr/local/apache/modules/mod_maxminddb.so |
6. httpd.conf file modify ( httpd.conf 에 적용하여 log에 CODE가 찍히게 구성)
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 |
[root@xinet ~]# vi /usr/local/apache/conf/httpd.conf ### maxminddb module add LoadModule maxminddb_module modules/mod_maxminddb.so <IfModule maxminddb_module> MaxMindDBEnable On MaxMindDBFile CITY_DB /usr/share/GeoIP/GeoLite2-City.mmdb MaxMindDBFile COUNTRY_DB /usr/share/GeoIP/GeoLite2-Country.mmdb MaxMindDBEnv MM_CONTINENT_CODE COUNTRY_DB/continent/code MaxMindDBEnv MM_CONTINENT_NAME COUNTRY_DB/continent/names/en MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code MaxMindDBEnv MM_COUNTRY_NAME COUNTRY_DB/country/names/en </IfModule> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{MM_COUNTRY_CODE}e" combined <IfModule logio_module> LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %I %O %{MM_COUNTRY_CODE}e" combinedio </IfModule> CustomLog "logs/access_log" combined </IfModule> |
GeoLite2-City.mmdb , GeoLite2-Country.mmdb file download
|
1 2 3 4 5 6 7 8 9 |
[root@xinet ~]# mkdir /usr/share/GeoIP/ [root@xinet ~]# cd /usr/share/GeoIP/ [root@xinet ~]# wget https://xinet.kr/data/geoip/GeoLite2-Country.mmdb [root@xinet ~]# wget https://xinet.kr/data/geoip/GeoLite2-City.mmdb [root@xinet ~]# wget https://xinet.kr/data/geoip/GeoLite2-ASN.mmdb |
geoipupdate 4.1.5 install ( Centos 7 ) / GeoLite2-ASN.mmdb GeoLite2-City.mmdb GeoLite2-Country.mmdb
https://xinet.kr/?p=2736
https://www.maxmind.com/en/geoip2-services-and-databases login -> download Files -> gzip -> tar gzip -> mmdb file
7. apache access_log Country_CODE check ( Apache web log access_log CODE 확인)
|
1 2 3 4 5 6 7 8 9 10 |
122.42.22.37 - - [04/Feb/2020:17:34:58 +0900] "GET /wp-content/themes/Blog_Shop/images/commentbullet.png HTTP/2.0" 200 1075 "https://xinet.kr/wp-content/themes/Blog_Shop/style.css?ver=150717" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36" KR 122.42.22.37 - - [04/Feb/2020:17:35:00 +0900] "GET /favicon.ico HTTP/2.0" 404 1185 "https://xinet.kr/?p=991" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36" KR 112.216.164.45 - - [04/Feb/2020:17:35:17 +0900] "POST /wp-admin/admin-ajax.php HTTP/2.0" 200 150 "https://xinet.kr/wp-admin/post-new.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36" KR 18.221.206.247 - - [04/Feb/2020:17:35:21 +0900] "GET /wp-login.php HTTP/2.0" 200 3120 "-" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.18" US 18.221.206.247 - - [04/Feb/2020:17:35:22 +0900] "POST /wp-login.php HTTP/2.0" 200 4112 "-" "Opera/9.80 (Windows NT 6.1; WOW64) Presto/2.12.388 Version/12.18" US 157.55.39.52 - - [04/Feb/2020:17:35:26 +0900] "GET /?m=20180316 HTTP/1.1" 200 90060 "-" "Mozilla/5.0 (compatible; bingbot/2.0; +http://www.bing.com/bingbot.htm)" US 112.216.164.45 - - [04/Feb/2020:17:36:17 +0900] "POST /wp-admin/admin-ajax.php HTTP/2.0" 200 47 "https://xinet.kr/wp-admin/post-new.php" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/79.0.3945.130 Safari/537.36" KR 107.180.71.116 - - [04/Feb/2020:17:36:18 +0900] "GET /wp-login.php HTTP/1.1" 200 3120 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" US 107.180.71.116 - - [04/Feb/2020:17:36:21 +0900] "POST /wp-login.php HTTP/1.1" 200 4112 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" US 107.180.71.116 - - [04/Feb/2020:17:36:23 +0900] "POST /xmlrpc.php HTTP/1.1" 200 416 "-" "Mozilla/5.0 (X11; Ubuntu; Linux x86_64; rv:62.0) Gecko/20100101 Firefox/62.0" US |
8. KR Contry Olny Allow And Order Contry Block ( KR 국가만 허용 / 나머지 국가 차단 )
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 |
[root@xinet ~]# vi /usr/local/apache/conf/httpd.conf <IfModule maxminddb_module> MaxMindDBEnable On MaxMindDBFile COUNTRY_DB /usr/share/GeoIP/GeoLite2-Country.mmdb MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code ### KR Contry Olny Allow And Order Contry Block ( KR 국가만 허용 / 나머지 국가 차단 ) SetEnvIf MM_COUNTRY_CODE KR AllowCountry <Location /> <RequireAny> Require all denied Require env AllowCountry </RequireAny> </Location> </IfModule> |
8. KR , US , FR Contry Allow And Order Contry Block ( KR, US, FR 국가만 허용 / 나머지 국가 차단 )
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
[root@xinet ~]# vi /usr/local/apache/conf/httpd.conf <IfModule maxminddb_module> MaxMindDBEnable On MaxMindDBFile COUNTRY_DB /usr/share/GeoIP/GeoLite2-Country.mmdb MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code ### KR US FR Contry Olny Allow And Order Contry Block ( KR ,FR ,US 국가만 허용 / 나머지 국가 차단 ) SetEnvIf MM_COUNTRY_CODE (KR|US|FR) AllowCountry <Location /> <RequireAny> Require all denied Require env AllowCountry </RequireAny> </Location> </IfModule> |
9. CN Contry Olny Block And Order Contry Allow ( CN 국가만 차단 / 나머지 국가 허용 )
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
[root@xinet ~]# vi /usr/local/apache/conf/httpd.conf <IfModule maxminddb_module> MaxMindDBEnable On MaxMindDBFile COUNTRY_DB /usr/share/GeoIP/GeoLite2-Country.mmdb MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code #Blocking by Country CN SetEnvIf MM_COUNTRY_CODE ^(CN) BlockCountry <Location /> <RequireAll> Require all granted Require not env BlockCountry </RequireAll> </Location> |
10. CN,EU only Block And Order Contry Allow ( CN, EU 국가만 차단 / 나머지 국가 허용)
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 |
[root@xinet ~]# vi /usr/local/apache/conf/httpd.conf <IfModule maxminddb_module> MaxMindDBEnable On MaxMindDBFile COUNTRY_DB /usr/share/GeoIP/GeoLite2-Country.mmdb MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code #Blocking by Country CN,EU SetEnvIf MM_COUNTRY_CODE ^(CN|EU) BlockCountry <Location /> <RequireAll> Require all granted Require not env BlockCountry </RequireAll> </Location> </IfModule> |
11. VirtualHost mmdb Access
|
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 |
[root@xinet ~]# vi /usr/local/apache/conf/extra/httpd-vhosts.conf ### jsp.xinet.kr -> CN olny Block / Order Contry Allow <VirtualHost *:80> DocumentRoot /free/home/jsp/html ServerName jsp.xinet.kr CustomLog logs/access_log combined <Location /> #Blocking by Country CN SetEnvIf MM_COUNTRY_CODE ^(CN) BlockCountry <RequireAll> Require all granted Require not env BlockCountry </RequireAll> </Location> </VirtualHost> #### jsp2.xinet.kr -> KR,US,FR Allow / Order Country Block <VirtualHost *:80> DocumentRoot /free/home/jsp2/html ServerName jsp2.xinet.kr CustomLog logs/access_log combined <Location /> #KR US FR Allow countries ( KR ,US,FR 국가만 허용 ) SetEnvIf MM_COUNTRY_CODE (KR|US|FR) AllowCountry <RequireAny> Require all denied Require env AllowCountry </RequireAny> </Location> </VirtualHost> |
참고사이트
https://github.com/maxmind/libmaxminddb/blob/master/README.md