Line 24: |
Line 24: |
| <!-- keep this first element as is, you can add some if needed --> | | <!-- keep this first element as is, you can add some if needed --> |
| {{#smeversion: {{#var:smecontribname}} }} | | {{#smeversion: {{#var:smecontribname}} }} |
− | {{#smeversion: {{#var:contribname}} }} | + | {{#smeversion: mod_maxminddb }} |
| | | |
| === Description === | | === Description === |
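Review bot: the + line hardcodes mod_maxminddb inside #smeversion, while the line directly above still uses {{#var:smecontribname}} and the Uninstall line further down still passes {{#var:contribname}} to yum remove. If contribname resolves to the wrong package name, fix the variable where it is defined so the version lookup and the uninstall command stay in sync; otherwise the uninstall line keeps whatever value made this change necessary.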
Line 37: |
Line 37: |
| | | |
| === Configuration === | | === Configuration === |
− | you can list the available configuration with the followinf command : | + | you can list the available configuration with the following command : |
| config show modMaxminddb | | config show modMaxminddb |
| | | |
| Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values : | | Some of the properties are not shown, but are defaulted in a template or a script. Here a more comprehensive list with default and expected values : |
| {| class="wikitable" | | {| class="wikitable" |
| + | !db |
| + | !key |
| !property | | !property |
| !default | | !default |
| !values | | !values |
− | ! | + | !role |
| |- | | |- |
| + | |configuration |
| + | |modMaxminddb |
| |Path | | |Path |
| |/usr/share/GeoIP | | |/usr/share/GeoIP |
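Review bot: the lead-in command "config show modMaxminddb" now covers only part of the table, because the new key column introduces rows that live under a second key later in the same table. Either add the matching config show command for that key next to the existing one, or say in the sentence above the table that the listing command shows the modMaxminddb key only. The empty header renamed to "role" is a good fix, but the Path row shown here gets db and key cells without a role cell, so it is worth filling that in for consistency with the new rows.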
Line 52: |
Line 56: |
| | | | | |
| |- | | |- |
| + | |configuration |
| + | |modMaxminddb |
| |status | | |status |
| |enabled | | |enabled |
| |enabled,disabled | | |enabled,disabled |
| + | |- |
| + | |configuration |
| + | |http-admin |
| + | |ValidFromGeoIP |
| + | |(empty) |
| + | |country code coma separated |
| + | |list of whitelisted country allowed to access, e.g.: CA,FR |
| + | |- |
| + | |configuration |
| + | |http-admin |
| + | |GeoIPManager |
| + | | |
| + | | |
| + | |enable geoip access to server-manager |
| + | |- |
| + | |configuration |
| + | |http-admin |
| + | |GeoIPUser |
| + | | |
| + | | |
| + | |enable geoip access to user-manager if installed |
| + | |- |
| + | |configuration |
| + | |http-admin |
| + | |GeoIPPassword |
| + | |enabled |
| + | | |
| + | |enable geoip access to user-password |
| |} | | |} |
| + | ==== Allow access to a specific country ==== |
| + | Starting SME10 you can use this mod to allow access to server-manager, user-manager, local ibays, local contributions. In other words, anything that uses httpd-e-smith, has access = local and would have been accessible to an IP if you added this to httpd-admin ValidFrom (or added this Ip or subnet of IPs in the Remote access panel of the server-manager), will be allow any IP considered to this country / countries to access the ressources. THis is powerfull, so use it only if you know the risk. |
| + | This is still a bit more secure than adding 0.0.0./0.0.0.0 to ValidFrom but ... you known vpn and proxies exists.... |
| + | |
| + | to add access to all IPs localized in Canada and France: |
| + | config setprop httpd-admin ValidFromGeoIP CA,FR |
| + | expand-template /etc/httpd/conf/httpd.conf |
| + | systemctl restart httpd-e-smith |
| + | |
| + | you will then need to add sections manually in a template-custom, first for manager related things that should never have access to http (80): |
| + | mkdir /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHost -p |
| + | printf '{ |
| + | $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ? 'yes' : 'no'; |
| + | if (($haveSSL eq 'yes') && ($port eq $httpsPort) ) |
| + | $OUT =" |
| + | <Location /server-manager> |
| + | Require env AllowCountries |
| + | </Location> |
| + | <Location /server-common> |
| + | Require env AllowCountries |
| + | </Location> |
| + | <Location /user-manager> |
| + | Require env AllowCountries |
| + | </Location> |
| + | <Location /user-password> |
| + | Require env AllowCountries |
| + | </Location>\n"; |
| + | }' > /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/VirtualHost/98geoipallow |
| + | for directory: |
| + | printf ' |
| + | <Directory /home/e-smith/files/ibays/Primary/html> |
| + | Require env AllowCountries |
| + | </Directory> |
| + | <Directory "/usr/share/nextcloud"> |
| + | Require env AllowCountries |
| + | </Directory> |
| + | ' > /etc/e-smith/templates-custom/etc/httpd/conf/httpd.conf/98geoipallow |
| + | |
| + | |
| + | then expand |
| + | expand-template /etc/httpd/conf/httpd.conf |
| + | httpd -t |
| + | |
| + | if syntx OK then restart httpd |
| + | systemctl restart httpd-e-smith |
| + | |
| + | |
| + | To remove all access by Country |
| + | config delprop httpd-admin ValidFromGeoIP |
| + | expand-template /etc/httpd/conf/httpd.conf |
| + | systemctl restart httpd-e-smith |
| | | |
| === Uninstall === | | === Uninstall === |
| yum remove {{#var:smecontribname}} {{#var:contribname}} | | yum remove {{#var:smecontribname}} {{#var:contribname}} |
| + | === References === |
| + | * https://github.com/maxmind/mod_maxminddb/issues/42 |
| | | |
| === Bugs === | | === Bugs === |
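Review bot: the printf that writes VirtualHost/98geoipallow will not produce a valid template fragment as written. The body is wrapped in shell single quotes but contains 'yes' and 'no' itself, so the shell closes and reopens the string and the quotes are dropped from the written file; in addition, the line "if (($haveSSL eq 'yes') && ($port eq $httpsPort) )" is followed directly by "$OUT =" with no opening brace, so the single closing "}" ends the template block and the if has no body block. Writing the fragment with a quoted here-document (cat <<'EOF' > file) keeps the Perl text verbatim, and the $OUT assignment needs its own braces. Separately, the four new table rows give the key as http-admin while every command in the section uses httpd-admin, so one of the two spellings is a typo and a reader copying the table name will set the property on the wrong key. The "To remove all access by Country" steps delete ValidFromGeoIP but leave both 98geoipallow files in templates-custom, so the Require env AllowCountries lines are re-expanded into httpd.conf; that section should also remove the two fragments before expand-template. GeoIPPassword is the only one of the three Geo* properties with a default (enabled) and none of them list accepted values, which leaves it unclear whether user-password is opened to the listed countries as soon as ValidFromGeoIP is set; state the values and how these properties relate to the manual Location blocks. Minor: "0.0.0./0.0.0.0" is missing an octet, and "syntx", "ressources", "THis", "powerfull" and "coma" need correcting.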