I’ve tested it and it works fine, I’m documenting the exact steps I followed and the Hestia templates I’ve used for Apache.
1.- Install apache2-dev (required to compile maxmind module) and create the work dir:
apt install apache2-dev -y
mkdir -p /usr/local/src/maxmind
2.- Download, compile and install library libmaxminddb
cd /usr/local/src/maxmind
curl -fsSLm15 "$(curl -fsSLm15 "https://api.github.com/repos/maxmind/libmaxminddb/releases/latest"| jq -r '.assets[]|.browser_download_url')" -O
tar xf libmaxminddb-1.12.2.tar.gz
cd libmaxminddb-1.12.2
./configure
make
make check
sudo make install
sudo ldconfig
3.- Download, compile and install module maxminddb:
cd /usr/local/src/maxmind
curl -fsSLm15 "$(curl -fsSLm15 "https://api.github.com/repos/maxmind/mod_maxminddb/releases/latest"| jq -r '.assets[]|.browser_download_url')" -O
tar xf mod_maxminddb-1.3.0.tar.gz
cd mod_maxminddb-1.3.0
./configure
sudo make install
4.- Download GeoLite2 Country DB (you must create a maxmind account and inside the account a license key).
Note: replace HereTheAccountID and HereTheLicenseKey with the actual data.
mkdir -p /usr/local/share/GeoIP/
cd /usr/local/share/GeoIP/
curl -fsSLm15 -u HereTheAccountID:HereTheLicenseKey "https://download.maxmind.com/geoip/databases/GeoLite2-Country/download?suffix=tar.gz" -o GeoLite2-Country.tar.gz
tar --wildcards --strip-components=1 -xf GeoLite2-Country.tar.gz '*.mmdb'
5.- Restart Apache and check whether the module is loaded:
systemctl restart apache2
#Below command must show this: maxminddb_module (shared)
apache2ctl -M | grep max
6.- Create the Apache templates.
6.1.- Example of templates that will only ALLOW requests from these countries: Spain (ES) and Portugal (PT)
Create those templates inside dir /usr/local/hestia/data/templates/web/apache2/php-fpm/
I’m basically adding this block inside directives: <Directory %docroot%> and <Directory %sdocroot%>:
Note: replace (ES|PT) with the ISO code for countries you want to allow; (ES|PT|DE), (ES) if you only want to allow one country, etc.
<IfModule mod_maxminddb.c>
MaxMindDBEnable On
MaxMindDBFile COUNTRY_DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code
SetEnvIf MM_COUNTRY_CODE ^(ES|PT) AllowCountry
<RequireAll>
Require all granted
Require env AllowCountry
</RequireAll>
</IfModule>
maxmind-allow.tpl
#=========================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
# https://hestiacp.com/docs/server-administration/web-templates.html #
#=========================================================================#
<VirtualHost %ip%:%web_port%>
ServerName %domain_idn%
%alias_string%
ServerAdmin %email%
DocumentRoot %docroot%
ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
Alias /vstats/ %home%/%user%/web/%domain%/stats/
Alias /error/ %home%/%user%/web/%domain%/document_errors/
#SuexecUserGroup %user% %group%
CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
CustomLog /var/log/%web_system%/domains/%domain%.log combined
ErrorLog /var/log/%web_system%/domains/%domain%.error.log
IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf*
<Directory %home%/%user%/web/%domain%/stats>
AllowOverride All
</Directory>
<Directory %docroot%>
AllowOverride All
Options +Includes -Indexes +ExecCGI
<IfModule mod_maxminddb.c>
MaxMindDBEnable On
MaxMindDBFile COUNTRY_DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code
SetEnvIf MM_COUNTRY_CODE ^(ES|PT) AllowCountry
<RequireAll>
Require all granted
Require env AllowCountry
</RequireAll>
</IfModule>
</Directory>
<FilesMatch \.php$>
SetHandler "proxy:%backend_lsnr%|fcgi://localhost"
</FilesMatch>
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.conf_*
IncludeOptional /etc/apache2/conf.d/*.inc
</VirtualHost>
maxmind-allow.stpl
#=========================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
# https://hestiacp.com/docs/server-administration/web-templates.html #
#=========================================================================#
<VirtualHost %ip%:%web_ssl_port%>
ServerName %domain_idn%
%alias_string%
ServerAdmin %email%
DocumentRoot %sdocroot%
ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
Alias /vstats/ %home%/%user%/web/%domain%/stats/
Alias /error/ %home%/%user%/web/%domain%/document_errors/
#SuexecUserGroup %user% %group%
CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
CustomLog /var/log/%web_system%/domains/%domain%.log combined
ErrorLog /var/log/%web_system%/domains/%domain%.error.log
<Directory %home%/%user%/web/%domain%/stats>
AllowOverride All
</Directory>
<Directory %sdocroot%>
AllowOverride All
SSLRequireSSL
Options +Includes -Indexes +ExecCGI
<IfModule mod_maxminddb.c>
MaxMindDBEnable On
MaxMindDBFile COUNTRY_DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code
SetEnvIf MM_COUNTRY_CODE ^(ES|PT) AllowCountry
<RequireAll>
Require all granted
Require env AllowCountry
</RequireAll>
</IfModule>
</Directory>
SSLEngine on
SSLVerifyClient none
SSLCertificateFile %ssl_crt%
SSLCertificateKeyFile %ssl_key%
%ssl_ca_str%SSLCertificateChainFile %ssl_ca%
<FilesMatch \.php$>
SetHandler "proxy:%backend_lsnr%|fcgi://localhost"
</FilesMatch>
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.ssl.conf_*
IncludeOptional /etc/apache2/conf.d/*.inc
</VirtualHost>
6.2.- Example of templates that will only BLOCK requests from these countries: Spain (ES) and Portugal (PT)
I’m basically adding this block inside directives: <Directory %docroot%> and <Directory %sdocroot%>:
Note: replace (ES|PT) with the ISO code for countries you want to block; (ES|PT|DE), (ES) if you only want to block one country, etc.
<IfModule mod_maxminddb.c>
MaxMindDBEnable On
MaxMindDBFile COUNTRY_DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code
SetEnvIf MM_COUNTRY_CODE ^(ES|PT) BlockCountry
<RequireAll>
Require all granted
Require not env BlockCountry
</RequireAll>
</IfModule>
maxmind-block.tpl
#=========================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
# https://hestiacp.com/docs/server-administration/web-templates.html #
#=========================================================================#
<VirtualHost %ip%:%web_port%>
ServerName %domain_idn%
%alias_string%
ServerAdmin %email%
DocumentRoot %docroot%
ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
Alias /vstats/ %home%/%user%/web/%domain%/stats/
Alias /error/ %home%/%user%/web/%domain%/document_errors/
#SuexecUserGroup %user% %group%
CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
CustomLog /var/log/%web_system%/domains/%domain%.log combined
ErrorLog /var/log/%web_system%/domains/%domain%.error.log
IncludeOptional %home%/%user%/conf/web/%domain%/apache2.forcessl.conf*
<Directory %home%/%user%/web/%domain%/stats>
AllowOverride All
</Directory>
<Directory %docroot%>
AllowOverride All
Options +Includes -Indexes +ExecCGI
<IfModule mod_maxminddb.c>
MaxMindDBEnable On
MaxMindDBFile COUNTRY_DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code
SetEnvIf MM_COUNTRY_CODE ^(ES|PT) BlockCountry
<RequireAll>
Require all granted
Require not env BlockCountry
</RequireAll>
</IfModule>
</Directory>
<FilesMatch \.php$>
SetHandler "proxy:%backend_lsnr%|fcgi://localhost"
</FilesMatch>
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.conf_*
IncludeOptional /etc/apache2/conf.d/*.inc
</VirtualHost>
maxmind-block.stpl
#=========================================================================#
# Default Web Domain Template #
# DO NOT MODIFY THIS FILE! CHANGES WILL BE LOST WHEN REBUILDING DOMAINS #
# https://hestiacp.com/docs/server-administration/web-templates.html #
#=========================================================================#
<VirtualHost %ip%:%web_ssl_port%>
ServerName %domain_idn%
%alias_string%
ServerAdmin %email%
DocumentRoot %sdocroot%
ScriptAlias /cgi-bin/ %home%/%user%/web/%domain%/cgi-bin/
Alias /vstats/ %home%/%user%/web/%domain%/stats/
Alias /error/ %home%/%user%/web/%domain%/document_errors/
#SuexecUserGroup %user% %group%
CustomLog /var/log/%web_system%/domains/%domain%.bytes bytes
CustomLog /var/log/%web_system%/domains/%domain%.log combined
ErrorLog /var/log/%web_system%/domains/%domain%.error.log
<Directory %home%/%user%/web/%domain%/stats>
AllowOverride All
</Directory>
<Directory %sdocroot%>
AllowOverride All
SSLRequireSSL
Options +Includes -Indexes +ExecCGI
<IfModule mod_maxminddb.c>
MaxMindDBEnable On
MaxMindDBFile COUNTRY_DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code
SetEnvIf MM_COUNTRY_CODE ^(ES|PT) BlockCountry
<RequireAll>
Require all granted
Require not env BlockCountry
</RequireAll>
</IfModule>
</Directory>
SSLEngine on
SSLVerifyClient none
SSLCertificateFile %ssl_crt%
SSLCertificateKeyFile %ssl_key%
%ssl_ca_str%SSLCertificateChainFile %ssl_ca%
<FilesMatch \.php$>
SetHandler "proxy:%backend_lsnr%|fcgi://localhost"
</FilesMatch>
SetEnvIf Authorization .+ HTTP_AUTHORIZATION=$0
IncludeOptional %home%/%user%/conf/web/%domain%/%web_system%.ssl.conf_*
IncludeOptional /etc/apache2/conf.d/*.inc
</VirtualHost>
7.- Now edit your web domain and change the backend template of your domain to one of these new maxmind templates.
TIP
You should install the geoipupdate utility and create a cron job to update the maxmind DB every x days.
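For the manual download in step 4 and the periodic refresh mentioned in the tip, an added example (not part of the original post) that verifies the archive against its SHA-256 file and swaps the .mmdb in atomically, so a truncated or corrupted download never replaces the database the allow/block rules depend on. The function names are hypothetical, the checksum file is assumed to hold the hex digest followed by the archive name, and the sample archive is constructed so the script runs offline.

```shell
#!/usr/bin/env bash
# Added example, not from the original post. install_mmdb and make_sample are
# hypothetical names. Assumption: the .sha256 file is "<hex digest>  <name>".

install_mmdb() {    # usage: install_mmdb ARCHIVE SHA256_FILE DEST_MMDB
    local archive=$1 sumfile=$2 dest=$3 want got tmpdir mmdb
    want=$(awk 'NR==1 {print tolower($1)}' "$sumfile")
    got=$(sha256sum "$archive" | awk '{print $1}')
    if [ -z "$want" ] || [ "$want" != "$got" ]; then
        echo "checksum mismatch for $archive, keeping current DB" >&2
        return 1
    fi
    # Extract beside the destination so the final mv is a same-filesystem rename.
    tmpdir=$(mktemp -d "$(dirname "$dest")/.mmdb.XXXXXX") || return 1
    if ! tar -C "$tmpdir" -xf "$archive"; then
        rm -rf "$tmpdir"
        return 1
    fi
    mmdb=$(find "$tmpdir" -type f -name '*.mmdb' | head -n 1)
    if [ -z "$mmdb" ] || [ ! -s "$mmdb" ]; then
        echo "no usable .mmdb inside $archive" >&2
        rm -rf "$tmpdir"
        return 1
    fi
    chmod 644 "$mmdb"           # Apache must be able to read the file
    mv -f "$mmdb" "$dest"       # rename: readers see the old or the new file, never half
    rm -rf "$tmpdir"
}

# Constructed sample: an archive shaped like the real one (single top-level
# directory holding the .mmdb) plus its checksum file. Not a real database.
make_sample() {     # usage: make_sample WORKDIR
    local work=$1
    mkdir -p "$work/GeoLite2-Country_00000000"
    printf 'constructed-not-a-real-db' \
        > "$work/GeoLite2-Country_00000000/GeoLite2-Country.mmdb"
    tar -C "$work" -czf "$work/db.tar.gz" GeoLite2-Country_00000000
    (cd "$work" && sha256sum db.tar.gz > db.tar.gz.sha256)
}

# Run as a script with three arguments to install a downloaded archive.
if [ "$#" -eq 3 ]; then
    install_mmdb "$@"
fi
```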