ModSecurity used to have this feature, but now that MaxMind has moved to GeoIP2, it's all broken.
It is still possible to set country-level blocking based on known IP ranges of IPv4 and IPv6, but it requires manually building MaxMind and editing the apache2.conf.
Ideally at install time, the bash script can allow someone to enable which countries they want to allow.
Preliminary code is below. You would still need to add directives to apache2.conf, create a cron job that auto-updates IP ranges, and a couple of other things.
```bash
### MAXMIND
# Program to update database
# Edit apache.conf to allow maxmind and set <if> block

# Add the MaxMind PPA; install the library, headers, lookup tool and updater.
# apache2-dev provides apxs, which the module's ./configure needs.
add-apt-repository -y ppa:maxmind/ppa
apt-get update
apt-get install -y libmaxminddb0 libmaxminddb-dev mmdb-bin geoipupdate apache2-dev

# Fetch the country database and place it where Apache will read it
wget https://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
tar -xvf GeoLite2-Country.tar.gz
mkdir -p /usr/local/share/GeoIP
mv GeoLite2-Country*/GeoLite2-Country.mmdb /usr/local/share/GeoIP

# Build and install the Apache module
wget https://github.com/maxmind/mod_maxminddb/releases/download/1.1.0/mod_maxminddb-1.1.0.tar.gz
tar -xvf mod_maxminddb-1.1.0.tar.gz
cd mod_maxminddb-1.1.0
./configure
make install

# Configure GeoIP update https://dev.maxmind.com/geoip/geoipupdate/
```
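
One way the install script could turn a chosen list of countries into the Apache directives mentioned above. This is an added example, not part of the original post or the project's code: the function names and the `ALLOW_COUNTRY` variable are hypothetical, and the database path is the one used in the install steps.

```shell
#!/bin/sh
# Added example: emit an Apache allow-list snippet for mod_maxminddb.
# Assumed names: normalize_countries, render_geo_allowlist, ALLOW_COUNTRY.
GEOIP_DB="/usr/local/share/GeoIP/GeoLite2-Country.mmdb"

# normalize_countries CODE... -> prints "US|CA", or returns 1 on bad input.
normalize_countries() {
    out="" seen=" "
    [ "$#" -gt 0 ] || { echo "no country codes given" >&2; return 1; }
    for code in "$@"; do
        code=$(printf '%s' "$code" | LC_ALL=C tr 'a-z' 'A-Z')
        # Accept exactly two ASCII letters, so user input can never
        # inject regex syntax or extra directives into the config.
        case "$code" in
            *[!ABCDEFGHIJKLMNOPQRSTUVWXYZ]*)
                echo "invalid country code: $code" >&2; return 1 ;;
            ??) ;;
            *)  echo "invalid country code: $code" >&2; return 1 ;;
        esac
        # Skip duplicates
        case "$seen" in *" $code "*) continue ;; esac
        seen="$seen$code "
        out="${out:+$out|}$code"
    done
    printf '%s\n' "$out"
}

# render_geo_allowlist CODE... -> prints the config snippet on stdout.
# No <IfModule> wrapper on purpose: if the module is not loaded, Apache
# refuses to start instead of silently serving every country.
render_geo_allowlist() {
    alternation=$(normalize_countries "$@") || return 1
    cat <<EOF
MaxMindDBEnable On
MaxMindDBFile COUNTRY_DB ${GEOIP_DB}
MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code
SetEnvIf MM_COUNTRY_CODE ^(${alternation})\$ ALLOW_COUNTRY
<Location "/">
    Require env ALLOW_COUNTRY
</Location>
EOF
}
```

For example, `render_geo_allowlist us ca > geo-allow.conf` writes a snippet that can be included from apache2.conf; the file name here is arbitrary.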