[Resolved] Problem with GeoIP & .htaccess

Status
Not open for further replies.
#1
I successfully install mod_geoip in my server. I test by using the following code & it show the right country

Code:
<?php

    if (getenv(HTTP_X_FORWARDED_FOR)) {
        $pipaddress = getenv(HTTP_X_FORWARDED_FOR);
        $ipaddress = getenv(REMOTE_ADDR);
        echo "Your Proxy IP address is : ".$pipaddress. " (via $ipaddress) " ;
    } else {
        $ipaddress = getenv(REMOTE_ADDR);
        echo "My IP address is : $ipaddress";
    }
    $country = getenv(GEOIP_COUNTRY_NAME);
    echo "<br />My Country : $country";

    $country2 = $_SERVER['GEOIP_COUNTRY_CODE'];
    echo "<br />My Country Code : $country2";
?>
I want to block wp-login.php by using GeoIP. Only to allow for certain country by using .htaccess but seem to be not working. This is my code in .htaccess

Code:
<IfModule mod_geoip.c>
<FilesMatch "wp-login.php">

SetEnvIf GEOIP_COUNTRY_CODE CA AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE MX AllowCountry
Deny from all
Allow from env=AllowCountry

</FilesMatch>
</IfModule>
The same code showed in http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Allowing_clients_based_on_country

Any ideas what is wrong?
 
#3
Already done that. As I told in my first post, it is already working except it not blocking as specified in .htaccess.

I do more testing, even the redirect using .htaccess is working. I use the code below

Code:
<IfModule mod_geoip.c>
<FilesMatch "wp-login.php|xmlrpc.php">
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(US|AU)$
RewriteRule ^(.*)$ http://example.com/$1 [L]
</FilesMatch>
</IfModule>
It just the blocking don't work.

By the way I'm using LSWS 4.2.24
 

NiteWave

Administrator
#4
ok, to summary. the issue is:
Code:
Deny from all
Allow from env=AllowCountry
not working by your test -- I think our dev will look into it.

since following is working:
Code:
<IfModule mod_geoip.c>
<FilesMatch "wp-login.php|xmlrpc.php">
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(US|AU)$
RewriteRule ^(.*)$ http://example.com/$1 [L]
</FilesMatch>
</IfModule>
following rule
Code:
<IfModule mod_geoip.c>
<FilesMatch "wp-login.php|xmlrpc.php">
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(US|AU)$
RewriteRule ^(.*)$ - [F,L]
</FilesMatch>
</IfModule>
should work as well ? it blocks the request by F flag instead of "Deny from ..." directive.
 
Last edited by a moderator:
#6
Hi,

Now, I'm using Cloudflare CF-IPCOUNTRY to do this. The code below works very well to block access wp-login.php except in my country.

However after I upgrade to the latest version 5.1.2, it cause redirect loop instead of 403 forbidden error. Any idea what is wrong?

Code:
<FilesMatch "wp-login.php|xmlrpc.php">
RewriteEngine on
RewriteCond %{HTTP:CF-IPCOUNTRY} !^(AU)$
RewriteRule ^ - [F,L]
</FilesMatch>
 
Last edited:

NiteWave

Administrator
#7
I did similar test, looks it's working with latest 5.1.2 build 5.

#cat /usr/local/lsws/autoupdate/build
5

if above file "build" not exist, or less than 5, please force-reinstall 5.1.2 to latest build, see if the issue gone.
 

NiteWave

Administrator
#9
My test didn't include
Code:
RewriteCond %{HTTP:CF-IPCOUNTRY} !^(AU)$
can you test if FilesMatch works on your server ? it works on my test server.

suggested steps:
1.add following in .htaccess:
Code:
<FilesMatch "abc.php">
RewriteEngine on
RewriteRule ^ - [F,L]
</FilesMatch>
2. access it by
Code:
#curl -I your-domain.com/abc.php
expected result:
Code:
HTTP/1.1 403 Forbidden
...
 
Last edited by a moderator:
#16
probably bug in 5.1.x, but to fix it, we need reproduce the issue. can you enabled rewrite debug log, and access the problem URL, send the log here ?
 
#17
Yes, I try to get rewrite log but sure what I did correct as I don't see "rewrite.log" file in /usr/local/apache/logs/

Code:
<FilesMatch "wp-login.php|xmlrpc.php">
RewriteEngine on
RewriteLog "/usr/local/apache/logs/rewrite.log"
RewriteCond %{HTTP:CF-IPCOUNTRY} !^(AU)$
RewriteRule ^ - [F,L]
</FilesMatch>
 
#18
http://httpd.apache.org/docs/2.2/mod/mod_rewrite.html#rewritelog
RewriteLog Directive
Context: server config, virtual host

RewriteLogLevel Directive
Syntax: RewriteLogLevel Level
Default: RewriteLogLevel 0
Context: server config, virtual host

please note above "Context", not include ".htaccess", mean the directive only effective in "server config, virtual host" or httpd.conf
maybe you only need put
Code:
RewriteLogLevel 9
in virtual host section of httpd.conf
and can find the log in error.log or error_log
 
Last edited by a moderator:

mistwang

LiteSpeed Staff
#20
Please try the latest build 5.1.3
Code:
/usr/local/lsws/admin/misc/lsup.sh -f -v 5.1.3
should be fixed.
 
Last edited by a moderator:
Status
Not open for further replies.
Top