tobychui / zoraxy

A general purpose HTTP reverse proxy and forwarding tool. Now written in Go!
https://zoraxy.arozos.com
GNU Affero General Public License v3.0

[BUG] GEOIP ACL #257

Open barto95100 opened 1 month ago

barto95100 commented 1 month ago

Describe the bug: Problem with ACL and GeoIP country

To Reproduce: The country selected is FRANCE, and a test to access a URL with this ACL does not work (403 Forbidden). I verified the IP lookup, and the IP used is in the MaxMind FRANCE country.

If I add the IP manually to the ACL, the connection works.

What's the source of the GeoIP database used by Zoraxy?

tobychui commented 1 month ago

@barto95100

Source of geoip database is this: https://www.jsdelivr.com/package/npm/@ip-location-db/geolite2-asn

And the code for updating the database can be found here: https://github.com/tobychui/zoraxy/blob/main/tools/update_geodb.sh

There is nothing I can do, as this is part of the CI/CD process of automatically updating the built-in IPv4 and IPv6 mapping of the country code (which changes all the time). I guess if you already know your IP address, you should use IP whitelist instead.

barto95100 commented 1 month ago

OK, I checked the file downloaded by the script: https://github.com/tobychui/zoraxy/blob/main/tools/update_geodb.sh

The downloaded file is:
https://cdn.jsdelivr.net/npm/@ip-location-db/geo-whois-asn-country/geo-whois-asn-country-ipv4.csv

and after a lookup, most IP ranges are not present in this file...

Why don't you use MaxMind to download the file, with the API?

MaxMind indicates on its site:

Url : https://support.maxmind.com/hc/en-us/articles/4408216129947-Download-and-Update-Databases

I found this for Go and MaxMind: https://pkg.go.dev/github.com/oschwald/maxminddb-golang?utm_source=godoc

I don't know if this could help you because I'm not a developer :(

"I guess if you already know your IP address, you should use IP whitelist instead." The problem is that if I test from my cellular mobile, the IP changes every time.

tobychui commented 1 month ago

@barto95100 The MaxMind dataset license is not compatible with Zoraxy in some of the use cases.

"The problem is if I test from my cellular mobile the ip change every time"

Your ISP should have been assigned a fixed IP address range. You can look up on the internet which IPs your ISP may be using and use that CIDR as the whitelist target.

I guess we can switch to the db one if the daily one is not too accurate, as I can see your IP address is correctly reported in the other csv file from the list.


DB-IP Lite Country CC BY 4.0 by DB-IP dbip-country-ipv4.csv
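
A way to check whether an address is covered by a range CSV like the ones linked in this thread, as an added example that is not part of the issue or of Zoraxy's own code. It assumes rows of the form range_start,range_end,country_code; the function name LookupCountry and the sample rows (documentation addresses) are constructed for illustration.

```go
package main

import (
	"encoding/csv"
	"fmt"
	"net/netip"
	"strings"
)

// Constructed sample rows; assumed layout: range_start,range_end,country_code.
const sampleCSV = `192.0.2.0,192.0.2.255,FR
198.51.100.0,198.51.100.127,DE
2001:db8::,2001:db8::ffff,FR
`

// LookupCountry (hypothetical helper) returns the country of the range holding ip.
// found=false means no range covers it, so a country whitelist cannot match.
func LookupCountry(csvData, ip string) (cc string, found bool, err error) {
	addr, err := netip.ParseAddr(ip)
	if err != nil {
		return "", false, err
	}
	addr = addr.Unmap() // treat ::ffff:a.b.c.d as plain IPv4
	rows, err := csv.NewReader(strings.NewReader(csvData)).ReadAll()
	if err != nil {
		return "", false, err
	}
	for _, r := range rows {
		if len(r) < 3 {
			continue
		}
		lo, e1 := netip.ParseAddr(strings.TrimSpace(r[0]))
		hi, e2 := netip.ParseAddr(strings.TrimSpace(r[1]))
		if e1 != nil || e2 != nil || lo.Is4() != addr.Is4() {
			continue // malformed row or different address family
		}
		if addr.Compare(lo) >= 0 && addr.Compare(hi) <= 0 {
			return strings.ToUpper(strings.TrimSpace(r[2])), true, nil
		}
	}
	return "", false, nil
}

func main() {
	for _, ip := range []string{"192.0.2.10", "198.51.100.200", "2001:db8::1"} {
		cc, ok, err := LookupCountry(sampleCSV, ip)
		fmt.Printf("%-16s country=%q covered=%v err=%v\n", ip, cc, ok, err)
	}
}
```

Running the same lookup against each candidate CSV shows whether a 403 comes from the ACL logic or from a gap in the dataset.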