HOME
Apache

Ubuntu apache2 maxminddb 활용한 국가 접속 허용

admin 2025.03.14

Ubuntu에 설치된 apache2에서 maxminddb를 이용해서 로그에 국가코드를 출력하게 구성하고
특정 국가 차단 및 허용에 대한 방법을 알아보자

O/S 버전

root@jin-ubuntu:~# cat /etc/issue
Ubuntu 24.04.1 LTS \n \l

1 2	root@jin-ubuntu:~# cat /etc/issue Ubuntu 24.04.1 LTS \n \l

1. 기본 apache는 설치되어 있다 ( 설치는 해당 주소 참고 –> https://xinet.kr/?p=4423) 패키지 저장소 추가

root@jin-ubuntu:~# sudo add-apt-repository ppa:maxmind/ppa

1	root@jin-ubuntu:~# sudo add-apt-repository ppa:maxmind/ppa

2. 패키지 업데이트 및 패키지 설치

root@jin-ubuntu:~# sudo apt update

root@jin-ubuntu:~# sudo apt install libmaxminddb0 libmaxminddb-dev mmdb-bin geoipupdate

root@jin-ubuntu:~# sudo apt update

root@jin-ubuntu:~# sudo apt install libmaxminddb0 libmaxminddb-dev mmdb-bin geoipupdate

3. maxminddb는 패키지 설치가 진행이 안되니 직접 컴파일을 진행해야 한다 관련 패키지 설치

root@jin-ubuntu:~#  sudo apt install apache2-dev git cmake make g++ -y

1	root@jin-ubuntu:~# sudo apt install apache2-dev git cmake make g++ -y

4. 파일 다운로드 및 설치 진행

root@jin-ubuntu:~# wget https://github.com/maxmind/mod_maxminddb/releases/download/1.2.0/mod_maxminddb-1.2.0.tar.gz

root@jin-ubuntu:~# tar xvfz mod_maxminddb-1.2.0.tar.gz 

root@jin-ubuntu:~# cd mod_maxminddb-1.2.0/

root@jin-ubuntu:~/mod_maxminddb-1.2.0# ./configure 

root@jin-ubuntu:~/mod_maxminddb-1.2.0# make && make install

root@jin-ubuntu:~# wget https://github.com/maxmind/mod_maxminddb/releases/download/1.2.0/mod_maxminddb-1.2.0.tar.gz

root@jin-ubuntu:~# tar xvfz mod_maxminddb-1.2.0.tar.gz

root@jin-ubuntu:~# cd mod_maxminddb-1.2.0/

root@jin-ubuntu:~/mod_maxminddb-1.2.0# ./configure

root@jin-ubuntu:~/mod_maxminddb-1.2.0# make && make install

5. 모듈 확인

root@jin-ubuntu:~/mod_maxminddb-1.2.0# ls -l /usr/lib/apache2/modules/ | grep max
-rw-r--r-- 1 root root  59688 Mar 14 07:22 mod_maxminddb.so

1 2	root@jin-ubuntu:~/mod_maxminddb-1.2.0# ls -l /usr/lib/apache2/modules/ \| grep max -rw-r--r-- 1 root root 59688 Mar 14 07:22 mod_maxminddb.so

6. 모듈 활성화

root@jin-ubuntu:~/mod_maxminddb-1.2.0# sudo a2enmod maxminddb         
Module maxminddb already enabled

1 2	root@jin-ubuntu:~/mod_maxminddb-1.2.0# sudo a2enmod maxminddb Module maxminddb already enabled

7. GeoLite 파일을 다운로드 한다 / 경로 이동후 wget 다운로드 (매주 갱신되는 파일이니 최신것이 적용된다)

root@jin-ubuntu:~/mod_maxminddb-1.2.0# cd /usr/share/GeoIP/

root@jin-ubuntu:/usr/share/GeoIP#  wget xinet.kr/data/geoip/GeoLite2-Country.mmdb

root@jin-ubuntu:/usr/share/GeoIP#  wget xinet.kr/data/geoip/GeoLite2-City.mmdb

root@jin-ubuntu:~/mod_maxminddb-1.2.0# cd /usr/share/GeoIP/

root@jin-ubuntu:/usr/share/GeoIP# wget xinet.kr/data/geoip/GeoLite2-Country.mmdb

root@jin-ubuntu:/usr/share/GeoIP# wget xinet.kr/data/geoip/GeoLite2-City.mmdb

8. apache2에 maxminddb 환경설정을 하단에 추가한다

root@jin-ubuntu:/usr/share/GeoIP# vi /etc/apache2/apache2.conf 

MaxMindDBEnable On
MaxMindDBFile CITY_DB /usr/share/GeoIP/GeoLite2-City.mmdb
MaxMindDBFile COUNTRY_DB /usr/share/GeoIP/GeoLite2-Country.mmdb
MaxMindDBEnv MM_CONTINENT_CODE          COUNTRY_DB/continent/code
MaxMindDBEnv MM_CONTINENT_NAME          COUNTRY_DB/continent/names/en
MaxMindDBEnv MM_COUNTRY_CODE            COUNTRY_DB/country/iso_code
MaxMindDBEnv MM_COUNTRY_NAME            COUNTRY_DB/country/names/en

root@jin-ubuntu:/usr/share/GeoIP# vi /etc/apache2/apache2.conf

MaxMindDBEnable On

MaxMindDBFile CITY_DB /usr/share/GeoIP/GeoLite2-City.mmdb

MaxMindDBFile COUNTRY_DB /usr/share/GeoIP/GeoLite2-Country.mmdb

MaxMindDBEnv MM_CONTINENT_CODE COUNTRY_DB/continent/code

MaxMindDBEnv MM_CONTINENT_NAME COUNTRY_DB/continent/names/en

MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code

MaxMindDBEnv MM_COUNTRY_NAME COUNTRY_DB/country/names/en

9. 로그포맷도 수정한다

root@jin-ubuntu:/usr/share/GeoIP# vi /etc/apache2/apache2.conf 

LogFormat "%h \"%{Host}i\" %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" TLSv=%{SSL_PROTOCOL}x %{MM_COUNTRY_CODE}e" combined

root@jin-ubuntu:/usr/share/GeoIP# vi /etc/apache2/apache2.conf

LogFormat "%h \"%{Host}i\" %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\" TLSv=%{SSL_PROTOCOL}x %{MM_COUNTRY_CODE}e" combined

10. 구문에러 확인 후 이상없으면 재시작

root@jin-ubuntu:/usr/share/GeoIP# apachectl -t
Syntax OK


### 웹서버 재시작
root@jin-ubuntu:/usr/share/GeoIP# systemctl restart apache2

root@jin-ubuntu:/usr/share/GeoIP# apachectl -t

Syntax OK

### 웹서버 재시작

root@jin-ubuntu:/usr/share/GeoIP# systemctl restart apache2

11. apache 로그 확인 국가코드가 출력되는것을 확인 할 수 있다

root@jin-ubuntu:/usr/share/GeoIP# tail -F /var/log/apache2/access.log 

121.13.97.181 "www.xinet.kr" - - [14/Mar/2025:07:46:28 +0000] "GET / HTTP/2.0" 200 215 "-" "Mozilla/5.0 \
(Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
Chrome/134.0.0.0 Safari/537.36" TLSv=TLSv1.3 KR

135.125.108.219 "apache2.xinet.kr" - - [14/Mar/2025:07:46:57 +0000] "GET /info.php \
HTTP/1.1" 200 84782 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)\
 Chrome/131.0.0.0 Safari/537.36" TLSv=- FR

135.125.108.219 "apache2.xinet.kr" - - [14/Mar/2025:07:46:58 +0000] "GET /info.php HTTP/1.1" 200 84781 "-" \
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)\
 Chrome/131.0.0.0 Safari/537.36" TLSv=- FR

135.125.108.219 "apache2.xinet.kr" - - [14/Mar/2025:07:47:05 +0000] "GET /nas.png HTTP/1.1" 200 30638 \
"-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)\
 Chrome/131.0.0.0 Safari/537.36" TLSv=- FR

root@jin-ubuntu:/usr/share/GeoIP# tail -F /var/log/apache2/access.log

121.13.97.181 "www.xinet.kr" - - [14/Mar/2025:07:46:28 +0000] "GET / HTTP/2.0" 200 215 "-" "Mozilla/5.0 \

(Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \

Chrome/134.0.0.0 Safari/537.36" TLSv=TLSv1.3 KR

135.125.108.219 "apache2.xinet.kr" - - [14/Mar/2025:07:46:57 +0000] "GET /info.php \

HTTP/1.1" 200 84782 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)\

Chrome/131.0.0.0 Safari/537.36" TLSv=- FR

135.125.108.219 "apache2.xinet.kr" - - [14/Mar/2025:07:46:58 +0000] "GET /info.php HTTP/1.1" 200 84781 "-" \

"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)\

Chrome/131.0.0.0 Safari/537.36" TLSv=- FR

135.125.108.219 "apache2.xinet.kr" - - [14/Mar/2025:07:47:05 +0000] "GET /nas.png HTTP/1.1" 200 30638 \

"-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko)\

Chrome/131.0.0.0 Safari/537.36" TLSv=- FR

이제 서버에 설정된 모든 도메인에 대해서 국가 차단 하는 설정을 진행해보자 (전역설정)

root@jin-ubuntu:~# vi /etc/apache2/apache2.conf     

### 전역설정 및 해당 국가 차단 (FR ,CN 국가 차단)
<Location />
SetEnvIf MM_COUNTRY_CODE ^(FR|CN) BlockCountry
Deny from env=BlockCountry
</Location>

### 웹서버 재시작
root@jin-ubuntu:/usr/share/GeoIP# systemctl restart apache2

root@jin-ubuntu:~# vi /etc/apache2/apache2.conf

### 전역설정 및 해당 국가 차단 (FR ,CN 국가 차단)

SetEnvIf MM_COUNTRY_CODE ^(FR|CN) BlockCountry

Deny from env=BlockCountry

</Location>

### 웹서버 재시작

root@jin-ubuntu:/usr/share/GeoIP# systemctl restart apache2

로그를 확인해보면 403 코드 접속 불가가 출력된다

141.94.171.79 "apache2.xinet.kr" - - [14/Mar/2025:08:04:54 +0000] "GET / HTTP/1.1" 403 344 "-" \
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
Chrome/131.0.0.0 Safari/537.36" TLSv=- FR

141.94.110.167 "apache2.xinet.kr" - - [14/Mar/2025:08:05:01 +0000] "GET / HTTP/1.1" 403 344 "-" \
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
Chrome/131.0.0.0 Safari/537.36" TLSv=- FR

141.94.171.79 "apache2.xinet.kr" - - [14/Mar/2025:08:04:54 +0000] "GET / HTTP/1.1" 403 344 "-" \

"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \

Chrome/131.0.0.0 Safari/537.36" TLSv=- FR

141.94.110.167 "apache2.xinet.kr" - - [14/Mar/2025:08:05:01 +0000] "GET / HTTP/1.1" 403 344 "-" \

"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \

Chrome/131.0.0.0 Safari/537.36" TLSv=- FR

이제는 한국만 허용하고 나머지 국가는 모두 다 차단시

root@jin-ubuntu:~# vi /etc/apache2/apache2.conf     

### 전역설정 KR만 접속허용
<Location />
    SetEnvIf MM_COUNTRY_CODE ^KR$ AllowCountry
    Require env AllowCountry
</Location>


### 웹서버 재시작
root@jin-ubuntu:/usr/share/GeoIP# systemctl restart apache2

root@jin-ubuntu:~# vi /etc/apache2/apache2.conf

### 전역설정 KR만 접속허용

SetEnvIf MM_COUNTRY_CODE ^KR$ AllowCountry

Require env AllowCountry

</Location>

### 웹서버 재시작

root@jin-ubuntu:/usr/share/GeoIP# systemctl restart apache2

로그를 확인해보면

121.156.11.11 "www.xinet.kr" - - [14/Mar/2025:08:10:13 +0000] "GET / HTTP/2.0" 200 215 "-" \
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
Chrome/134.0.0.0 Safari/537.36" TLSv=TLSv1.3 KR

218.145.31.50 "www5.xinet.kr" - - [14/Mar/2025:08:10:18 +0000] "GET / HTTP/2.0" 200 205 "-" \
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
Chrome/134.0.0.0 Safari/537.36 Edg/134.0.0.0" TLSv=TLSv1.3 KR

### KR국가가 아닌 CODE 403 ERROR 
51.222.40.83 "apache2.xinet.kr" - - [14/Mar/2025:08:10:28 +0000] "GET / HTTP/1.1" 403 344 "-" 
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
Chrome/131.0.0.0 Safari/537.36" TLSv=- CA

37.59.18.215 "apache2.xinet.kr" - - [14/Mar/2025:08:10:36 +0000] "GET / HTTP/1.1" 403 344 "-" \
"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \
Chrome/131.0.0.0 Safari/537.36" TLSv=- FR

121.156.11.11 "www.xinet.kr" - - [14/Mar/2025:08:10:13 +0000] "GET / HTTP/2.0" 200 215 "-" \

"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \

Chrome/134.0.0.0 Safari/537.36" TLSv=TLSv1.3 KR

218.145.31.50 "www5.xinet.kr" - - [14/Mar/2025:08:10:18 +0000] "GET / HTTP/2.0" 200 205 "-" \

"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \

Chrome/134.0.0.0 Safari/537.36 Edg/134.0.0.0" TLSv=TLSv1.3 KR

### KR국가가 아닌 CODE 403 ERROR

51.222.40.83 "apache2.xinet.kr" - - [14/Mar/2025:08:10:28 +0000] "GET / HTTP/1.1" 403 344 "-"

"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \

Chrome/131.0.0.0 Safari/537.36" TLSv=- CA

37.59.18.215 "apache2.xinet.kr" - - [14/Mar/2025:08:10:36 +0000] "GET / HTTP/1.1" 403 344 "-" \

"Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) \

Chrome/131.0.0.0 Safari/537.36" TLSv=- FR

만약 특정 도메인만 적용하려면 도메인 vhost 파일에 내용을 설정

root@jin-ubuntu:~# vi /etc/apache2/sites-enabled/www.xinet.kr-ssl.conf 

<VirtualHost *:443>
DocumentRoot /home/xinet/html
ServerName xinet.kr
ServerAlias www.xinet.kr
ErrorLog ${APACHE_LOG_DIR}/error.log
CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLCertificateFile /etc/apache2/ssl/File_www.xinet.kr_apache.crt
SSLCertificateKeyFile /etc/apache2/ssl/www.xinet.kr.key
SSLCertificateChainFile /etc/apache2/ssl/ChainFile_ChainBundle.crt
SSLCACertificateFile /etc/apache2/ssl/CA_GLOBALSIGN.crt
Include /etc/apache2/ssl.conf

### KR만 접속허용
<Location /home/xinet/html>
    SetEnvIf MM_COUNTRY_CODE ^KR$ AllowCountry
    Require env AllowCountry
</Location>
</VirtualHost>

root@jin-ubuntu:~# vi /etc/apache2/sites-enabled/www.xinet.kr-ssl.conf

DocumentRoot /home/xinet/html

ServerName xinet.kr

ServerAlias www.xinet.kr

ErrorLog ${APACHE_LOG_DIR}/error.log

CustomLog ${APACHE_LOG_DIR}/access.log combined

SSLCertificateFile /etc/apache2/ssl/File_www.xinet.kr_apache.crt

SSLCertificateKeyFile /etc/apache2/ssl/www.xinet.kr.key

SSLCertificateChainFile /etc/apache2/ssl/ChainFile_ChainBundle.crt

SSLCACertificateFile /etc/apache2/ssl/CA_GLOBALSIGN.crt

Include /etc/apache2/ssl.conf

### KR만 접속허용

SetEnvIf MM_COUNTRY_CODE ^KR$ AllowCountry

Require env AllowCountry

</Location>

</VirtualHost>

상품명
주문번호
택배사
송장번호

시골청년의 엔지니어이야기 ( 진반장 )

Ubuntu apache2 maxminddb 활용한 국가 접속 허용

코멘트 쓰기 작성취소