We recently migrated my Apache server from 2.2 to 2.4. We now trying to block traffic from specific countries using MaxMindDB and GeoIP. We have tried using the old geoip modules and configuration, as well as the mod_maxminddb module, but We not having any success.
Referring to the GitHub repository found at https://github.com/maxmind/geoip-api-c. In an effort to resolve the issue, we also experimented with the mod_maxminddb module, as suggested in another repository: https://github.com/maxmind/mod_maxminddb. However, even after implementing this module, we still haven't achieved the expected results.
I have checked the documentation for both modules, and I cannot see any obvious errors in my configuration. I have also tried restarting Apache, but the problem persists.
I am not sure what else to try. Can anyone help me troubleshoot this issue?
Steps Already Tried:
Install httpd using official documentation in RHEL 9 OS. Install the mod_geoip2 module but not able to install using yum and tried many things but not able to install this module. modgeoip module not install so check with maxminddb which is already Configure the module to block traffic from specific countries. & Restart Apache.
Expected Behavior:
Traffic from the blocked countries should be prevented from accessing the website.
Actual Behavior:
Traffic from the blocked countries is still able to access the website.
ATTACHED FILE Virtual Host conf
<VirtualHost *:80>
ServerName URL
DocumentRoot "/var/www/html"
<Location />
MaxMindDBEnable On
SetEnvIf CLIENTIP "(.*)" MMDB_ADDR=$1
MaxMindDBEnv CB_COUNTRY_CODE COUNTRY_DB/country/iso_code
MaxMindDBEnv CB_COUNTRY_NAME COUNTRY_DB/country/names/en
SetEnvIfExpr "env('CB_COUNTRY_CODE') =~ /^US$|^CA$|^IN$/i" match
Header always set X-Country-Code_match "%{match}e"
SetEnvIf CB_COUNTRY_CODE ^(US|CA|IN) AllowCountry
Header always set MMDB_ADDR "%{MMDB_ADDR}e"
Header always set CB_COUNTRY_CODE "%{CB_COUNTRY_CODE}e"
Header always set X-Country-Allow "%{AllowCountry}e"
</Location>
SetEnvIf REMOTE_ADDR "(.+)" CLIENTIP=$1
SetEnvIf X-Forwarded-For "^([0-9.]+)" CLIENTIP=$1
ErrorLog /var/log/httpd/error_log-web1
CustomLog /var/log/httpd/access_log-web1 combined env=!forwarded
LogFormat "%{CLIENTIP}e %l %u %t \"%r\" %>s %O \"%{Referer}i\" \"%{User-Agent}i\"" proxy
SetEnvIf X-Forwarded-For "^.*\..*\..*\..*" forwarded
CustomLog /var/log/httpd/URL.log proxy env=forwarded
LogFormat "%{CLIENTIP}e \"%{Referer}i\" %h %l %u %t \"%r\" %>s %b duration:%T/%D balancer:%{BALANCER_WORKER_NAME}e Changed:%{BALANCER_ROUTE_CHANGED}e Sticky:%{BALANCER_SESSION_STICKY}e" enhancedlog
SetEnvIf Request_URI "^/zkau$" tzkau
CustomLog /var/log/httpd/enhancedlog.log-web1 enhancedlog env=tzkau
LogFormat "%{CLIENTIP}e \"%{Referer}i\" url:%U %h %l %u %t \"%r\" %>s %b clientip:%a duration:%T/%D balancer:%{BALANCER_WORKER_NAME}e sessionRoute:%{BALANCER_SESSION_ROUTE}e workerRoute:%{BALANCER_WORKER_ROUTE}e Changed:%{BALANCER_ROUTE_CHANGED}e Sticky:%{BALANCER_SESSION_STICKY}e"
TransferLog /var/log/httpd/new-log-web1
RewriteEngine on
Header always set Strict-Transport-Security "max-age=63072000"
RewriteCond %{REQUEST_URI} ^/Keyword/index\.zul
RewriteRule (.*) /index\.zul [L,R]
RewriteRule ^(.*)/Keyword/?(.*) $1/$2 [L,R]
RewriteRule ^(.*)/Keyword/ $1 [L,R]
RewriteCond %{REQUEST_URI} ^/bizclub [or]
RewriteCond %{REQUEST_URI} ^/bizbox
RewriteRule (.*) https://URL [L,R=301]
RewriteCond %{HTTP_USER_AGENT} "^ELB-HealthChecker" [NC,OR]
RewriteRule .* - [S=3]
RewriteCond %{HTTP_HOST} !^Keyword\.com [or]
RewriteCond %{HTTP:X-Forwarded-Proto} =http
RewriteRule (.*) https://URL$1 [L,R=301]
ProxyPreserveHost On
ProxyPass /index.html !
ProxyPass /favicon.ico !
ProxyErrorOverride on
ProxyPass /error !
ProxyPass /error/ !
ErrorDocument 500 /error/error.html
ErrorDocument 503 /error/error.html
ErrorDocument 404 /error/error.html
ProxyPass / balancer://wwwcluster/ stickysession=JSESSIONID|jsessionid scolonpathdelim=On
ProxyPassReverse / balancer://wwwcluster/
ProxyTimeout 60000
Header add Set-Cookie "ROUTEID=.%{BALANCER_WORKER_ROUTE}e; path=/" env=BALANCER_ROUTE_CHANGED
<Proxy balancer://wwwcluster>
BalancerMember http://<IP>:8090 route=node1 keepalive=on
ProxySet lbmethod=bytraffic
ProxySet stickysession=ROUTEID
</Proxy>
</VirtualHost>
Here is an example I am currently using to restrict some countries access: