After finding a slew of script kitty attempts on my Apache system from networks based in China, I decided to take a crack at closing out access from that country. I found a great Apache module called mod_geoip that performs country-based lookups on a client’s address. I don’t know how complete the free database file is, but so far it seems to be accurate and functional. After a little trial and error, I was able to get it installed and configured and already I have blocked one script attack from China. Woot!
If I ever get around to actually finishing the GUILD website, I can then use this technology to route non-US users to another, international version of the site (since the GUILD is intended for US citizens… which is not to say the site could not be accessed by foreign-based, US nationals).
Oh, and in the off chance that someone else is trying to configure this and not having any luck. I was using the country-based filtering logic described by the author(s) of this module at MaxMind.
GeoIPEnable On GeoIPDBFile /path/to/GeoIP.dat SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry Deny from env=BlockCountry
My initial thought was that I could put the SetEnvIf statements in the <VirtualHost> container and then check the existance of this variable in various <Directory> containers, but I found that when it came time to evaluate the Access statements, the variables had not been set. Once I moved the SetEnvIf statements to the line just before my access control (inside the <Directory> container), though, the whole thing started working as expected
