3,250
edits
Changes
Jump to navigation
Jump to search
Line 24:
Line 24: − + Line 37:
Line 37: − + + + − + + + Line 52:
Line 56: + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
→Uninstall
<!-- keep this first element as is, you can add some if needed -->
<!-- keep this first element as is, you can add some if needed -->
{{#smeversion: {{#var:smecontribname}} }}
{{#smeversion: {{#var:smecontribname}} }}
{{#smeversion: {{#var:contribname}} }}
{{#smeversion: mod_maxminddb }}
=== Description ===
=== Description ===
=== Configuration ===
=== Configuration ===
you can list the available configuration with the followinf command :
you can list the available configuration with the following command :
config show modMaxminddb
config show modMaxminddb
Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values :
Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values :
{| class="wikitable"
{| class="wikitable"
!db
!key
!property
!property
!default
!default
!values
!values
!
!role
|-
|-
|configuration
|modMaxminddb
|Path
|Path
|/usr/share/GeoIP
|/usr/share/GeoIP
|
|
|-
|-
|configuration
|modMaxminddb
|status
|status
|enabled
|enabled
|enabled,disabled
|enabled,disabled
|-
|configuration
|http-admin
|ValidFromGeoIP
|(empty)
|country code coma separated
|list of whitelisted country allowed to access, e.g.: CA,FR
|-
|configuration
|http-admin
|GeoIPManager
|
|
|enable geoip access to server-manager
|-
|configuration
|http-admin
|GeoIPUser
|
|
|enable geoip access to user-manager if installed
|-
|configuration
|http-admin
|GeoIPPassword
|enabled
|
|enable geoip access to user-password
|}
|}
==== Allow access to a specific country ====
Starting SME10 you can use this mod to allow access to server-manager, user-manager, local ibays, local contributions. In other words, anything that uses httpd-e-smith, has access = local and would have been accessible to an IP if you added this to httpd-admin ValidFrom (or added this Ip or subnet of IPs in the Remote access panel of the server-manager), will be allow any IP considered to this country / countries to access the ressources. THis is powerfull, so use it only if you know the risk.
This is still a bit more secure than adding 0.0.0./0.0.0.0 to ValidFrom but ... you known vpn and proxies exists....
to add access to all IPs localized in Canada and France:
config setprop httpd-admin ValidFromGeoIP CA,FR
expand-template /etc/httpd/conf/httpd.conf
systemctl restart httpd-e-smith
you will then need to add sections manually in a template-custom, first for manager related things that should never have access to http (80):
mkdir /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHost -p
printf '{
$haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ? 'yes' : 'no';
if (($haveSSL eq 'yes') && ($port eq $httpsPort) )
$OUT ="
<Location /server-manager>
Require env AllowCountries
</Location>
<Location /server-common>
Require env AllowCountries
</Location>
<Location /user-manager>
Require env AllowCountries
</Location>
<Location /user-password>
Require env AllowCountries
</Location>\n";
}' > /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHost/98geoipallow
for directory:
printf '
<Directory /home/e-smith/files/ibays/Primary/html>
Require env AllowCountries
</Directory>
<Directory "/usr/share/nextcloud">
Require env AllowCountries
</Directory>
' > /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98geoipallow
then expand
expand-template /etc/httpd/conf/httpd.conf
httpd -t
if syntx OK then restart httpd
systemctl restart httpd-e-smith
To remove all access by Country
config delprop httpd-admin ValidFromGeoIP
expand-template /etc/httpd/conf/httpd.conf
systemctl restart httpd-e-smith
=== Uninstall ===
=== Uninstall ===
yum remove {{#var:smecontribname}} {{#var:contribname}}
yum remove {{#var:smecontribname}} {{#var:contribname}}
=== References ===
* https://github.com/maxmind/mod_maxminddb/issues/42
=== Bugs ===
=== Bugs ===