Mod maxminddb

From SME Server




smeserver-mod_maxminddb
NeedImage.svg
smeserver-mod_maxminddb logo
MaintainerUnnilennium
Urlhttps://wiki.contribs.org
CategoryCategory:security, geoip
Tags securitygeoipaccesapachehttpd

Maintainer

Jean-Philippe Pialasse

Version

Contrib 9:
Contrib 10:
smeserver-mod_maxminddb
The latest version of smeserver-mod_maxminddb is available in the SME repository, click on the version number(s) for more information.
Contrib 9:
Contrib 10:
mod_maxminddb
The latest version of mod_maxminddb is available in the SME repository, click on the version number(s) for more information.


Description

This contrib enable the new Geoip2 plugin from Maxmind in order to let your apache server to get full capacity of geoip with recent db.

The contrib also plan to help you restrict usage of server-manager, user-manager, or any other contrib depending on your client localisation. This is not miraculous, as a good vpn could override this protection and some ip might be incorrectly localized, but would at least stop a huge amount of scan and bruteforce.


Installation

yum --enablerepo=smecontribs install smeserver-mod_maxminddb


Configuration

you can list the available configuration with the following command :

config show modMaxminddb

Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values :

property default values
Path /usr/share/GeoIP string
status enabled enabled,disabled

Allow access to a specific country

Starting SME10 you can use this mod to allow access to server-manager, user-manager, local ibays, local contributions. In other words, anything that uses httpd-e-smith, has access = local and would have been accessible to an IP if you added this to httpd-admin ValidFrom (or added this Ip or subnet of IPs in the Remote access panel of the server-manager), will be allow any IP considered to this country / countries to access the ressources. THis is powerfull, so use it only if you know the risk. This is still a bit more secure than adding 0.0.0./0.0.0.0 to ValidFrom but ... you known vpn and proxies exists....

to add access to all IPs localized in Canada and France:

config setprop httpd-admin ValidFromGeoIP CA,FR
expand-template /etc/httpd/conf/httpd.conf
systemctl restart httpd-e-smith

Remove all access by Country

config delprop httpd-admin ValidFromGeoIP 
expand-template /etc/httpd/conf/httpd.conf
systemctl restart httpd-e-smith

Uninstall

yum remove smeserver-mod_maxminddb  smeserver-mod_maxminddb

Bugs

Please raise bugs under the SME-Contribs section in bugzilla and select the smeserver-mod_maxminddb component or use this link


Below is an overview of the current issues for this contrib:

IDProductVersionStatusSummary (2 tasks)
10769SME Contribs9.2CONFIRMEDNFR: allow to choose language instead of english default
10768SME Contribs9.2IN_PROGRESSNFR: block|allow panels by country

Changelog

Only released version in smecontrib are listed here.

smeserver-mod_maxminddb Changelog: SME 10 (smecontribs)

2021/04/02 Jean-Philippe Pialasse 1.1.0-11.sme
- add option to allow countries to external access to manager [SME: 10768]

 ValidFromGeoIP will add access to listed countries to managers and all
ressources using the usual list from httpd-admin Validfrom (local ibays, contribs...)

2021/04/02 Jean-Philippe Pialasse 1.1.0-10.sme
- initial import to SME 10 [SME: 11521]

- update event created
2019/04/11 Jean-Philipe Pialasse 1.1.0-7.sme
- fix missing db on installation [SME: 10770]
2019/03/14 Jean-Philipe Pialasse 1.1.0-6.sme
- configure necessary variables [SME: 10759]

2019/03/13 Jean-Philipe Pialasse 1.1.0-4.sme
- fix typo [SME: 10759]
- add requires mod_maxminddb

- rename template
smeserver-mod_maxminddb Changelog: SME 9 (smecontribs)
2019/04/11 Jean-Philipe Pialasse 1.1.0-7.sme
- fix missing db on installation [SME: 10770]
2019/03/14 Jean-Philipe Pialasse 1.1.0-6.sme
- configure necessary variables [SME: 10759]

2019/03/13 Jean-Philipe Pialasse 1.1.0-4.sme
- fix typo [SME: 10759]
- add requires mod_maxminddb

- rename template
2019/03/12 Jean-Philipe Pialasse 1.1.0-1.sme
- Initial version [SME: 10759]