1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Blocking country spam using Apache and mod_geoip2

Discussion in 'Forum Management' started by Ketola, May 6, 2015.

  1. Ketola

    Ketola Member

    Our forums are getting decent amounts of spam from specific countries that rarely see visits from genuine users. Therefore I decided to block them all from posting by employing mod_geoip2 and GeoLite Country database. Thought I'd share the process in case someone else is dealing with a similar issue.

    This process is for CentOS, so please adjust accordinly for your distro. GeoIP-devel is installed from EPEL.
    1. Install GeoIP and development headers and libraries
      Code:
      yum -y install GeoIP-devel httpd-devel
    2. Download and compile mod_geoip2
      Code:
      cd /tmp
      wget --no-check-certificate "https://github.com/maxmind/geoip-api-mod_geoip2/archive/1.2.10.tar.gz" -O geoip-api-mod_geoip2-1.2.10.tar.gz
      tar xvfz geoip-api-mod_geoip2-1.2.10.tar.gz && rm -f geoip-api-mod_geoip2-1.2.10.tar.gz
      cd geoip-api-mod_geoip2-1.2.10/
      apxs -i -a -L/usr/local/lib -I/usr/local/include -lGeoIP -c mod_geoip.c
    3. Configure GeoIP to use GeoLite Country db (506)
      Code:
      cat <<EOF >/etc/GeoIP.conf
      
      LicenseKey YOUR_LICENSE_KEY_HERE
      UserId YOUR_USER_ID_HERE
      ProductIds 506
      EOF
    4. Update the DB and setup a weekly cron to keep it up to date
      Code:
      geoipupdate
      
      cat <<EOF >/etc/cron.weekly/geoipupdate
      #!/bin/sh
      /usr/bin/geoipupdate >/dev/null 2>&1
      EOF
      
      chmod 755 /etc/cron.weekly/geoipupdate
    5. Setup Apache to use the GeoLite Country DB, disable mod_geoip by default
      Code:
      cat <<EOF >/etc/httpd/conf.d/geoip.conf
      
      <IfModule mod_geoip.c>
        GeoIPEnable Off
        GeoIPDBFile /usr/share/GeoIP/GeoLiteCountry.dat
      </IfModule>
      EOF
    6. Add the following to XenForo .htaccess file (or your VirtualHost)
      Code:
      #   If GeoIP module is loaded use it to block users from specified geos
      
      <IfModule mod_geoip.c>
          GeoIPEnable On
          # ISO 3166 country codes for blocked geos. See http://dev.maxmind.com/geoip/legacy/codes/iso3166/
          RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(PK|IN|CN|BD)$
          # Match on query string when testing under VirtualHost
          RewriteCond %{QUERY_STRING} ^.*(create-thread|quick-update|add-reply).*$ [OR]
          # Match on request URI when testing under .htaccess
          RewriteCond %{REQUEST_URI} ^.*(create-thread|quick-update|add-reply).*$
          RewriteRule .* - [F]
      </IfModule>
    7. Restart Apache to enable mod_geoip
      Code:
      apachectl graceful
    That's it! Visitors from blocked countries (in this example Pakistan, India, China, Bangladesh) are allowed to browse the forums and even sign up for an account, but they cannot post new threads or reply to existing ones. Changing the way the bans work can be done by simply adjusting the rewrite conditionals. You could, for example, block all POST requests instead to make the site completely read-only for the users.
     
    ForestForTrees likes this.
  2. RoldanLT

    RoldanLT Well-Known Member

    And usually will degrade your Server Performance.
     
  3. Ketola

    Ketola Member

    I haven't measured the effect on performance (server load, increased latency), but I'd say it's negligible considering the gains. The GeoIP db itself is small (less than 800k) and will always be in memory. IP lookups against it are rather quick.

    Of course if you're concerned about the performance of mod_geoip you could always switch to enabling GeoIP only for specific URLs.

    Here are the stacked load averages for our web backends after enabling mod_geoip on April 29th (the spikes are from sending out newsletters):
    stacked-load.png
     
    ForestForTrees and RoldanLT like this.
  4. Robust

    Robust Well-Known Member

    You could use CloudFlare to block countries too, if you're using CloudFlare. They have an option for this.
     
    Ketola likes this.
  5. RoldanLT

    RoldanLT Well-Known Member

    Robust likes this.
  6. Robust

    Robust Well-Known Member

Share This Page