Differences

This shows you the differences between two versions of the page.

--- litespeed_wiki:cache:common:geoip-support [2019/01/08 19:29]
Lisa Clarke [Example 1: Block wp-login.php from certainty countries]
+++ litespeed_wiki:cache:common:geoip-support [2020/11/14 15:24]
Lisa Clarke Redirect to new Documentation Site
@@ Line 1: / Line 1: @@
-====== GeoLocation support (GEOIP) for LiteSpeed Web Server  ======
+~~REDIRECT>https://docs.litespeedtech.com/cp/cpanel/geoip/~~
-LSCache supports GEOIP.
-For LSWS v5.2.x and earlier, only the MaxMind Legacy Database .dat is supported. As of LSWS v5.3RC2, LSWS supports the [[https://www.maxmind.com/en/geoip2-databases|MaxMind GeoIP2 format database]], ''.mmdb''. The database path configuration is in the same location as the legacy DB (**Configuration > Server > General > General settings > IP to GeoLocation DB**), then set the database path to either ''.dat'' or ''.mmdb''.
-There are two sections in the LSWS WEB Admin Console settings: **IP to GeoLocation DB** and **IP2Location DB**. Both the MaxMind legacy db and MaxMind GeoIP2 db should use the **IP to GeoLocation DB** section.  Don't use **IP2Location DB** for MaxMind GeoIP2 database since **IP2Location DB** is meant for the  [[https://www.ip2location.com/|IP2Location database]].  You should only use one location database at a time.
-{{ :litespeed_wiki:cache:common:lsws-geoip-settings.png?800 |}}
-To setup and enable GeoIP on LSWS, you will need to choose one database, download and install the database to a directory, setup the database path in LSWS Admin, enable GeoIP through the Apache configuration or LSWS native, then finally run some tests.
-===== Download and Configure GEOIP Database Path =====
-You will need to choose only one database to be used for your GeoIP: MaxMind GeoIP2, MaxMind Legacy Database, or IP2location database. Then, set up the right database path in the appropriate section in the LSWS Web Admin Console.
-==== MaxMind GeoIP2 Database ====
-=== Download and Install Database===
-Let's assume that you will store the DB in ''/usr/share/GeoIP/''.
-Download the free database from ''https://dev.maxmind.com/geoip/geoip2/geolite2/'':
-  wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
-  tar -zxvf GeoLite2-Country.tar.gz
-Then, move the file ''GeoLite2-Country.mmdb'' to
-  /usr/share/GeoIP/GeoLite2-Country.mmdb
-=== Setup database file path ===
-In LSWS WebAdmin, configure the database location.  Navigate to **Configuration > Server > General > General settings** and set  **[[https://www.litespeedtech.com/docs/webserver/config/general#geolocationDB|IP to GeoLocation DB]]** to the database path.
-Alternatively, you can edit the LSWS configuration file directly:
-<code> vi /usr/local/lsws/conf/httpd_config.xml</code>
-And add the following before ''<tuning>'':
-<code>
- <ipToGeo>
-    <geoipDB>
-      <geoipDBFile>/usr/share/GeoIP/GeoLite2-Country.mmdb</geoipDBFile>
-    </geoipDB>
- </ipToGeo>
-  </code>
-==== MaxMind Legacy Database ====
-=== Install MaxMind Legacy Database===
-There are a few ways to install a MaxMind Legacy Database: through rpm packages install, or through direct download.
-For example, for a CentOS user:
-Install GeoIP database.
-<code>yum install GeoIP</code>
-Also check the installation location:
-<code>rpm -ql GeoIP</code>
-It may return the database path as <code>/usr/share/GeoIP/GeoIP.dat</code>
-Alternatively, you can just download the database yourself directly.
-**NOTE**: On January 2, 2019, MaxMind discontinued the GeoLite Legacy databases. GeoLite Legacy databases are no longer available for download.
-=== Setup Database File Path ===
-In LSWS WebAdmin, configure the database location: Navigate to **Configuration > Server > General > General settings** and set  **[[https://www.litespeedtech.com/docs/webserver/config/general#geolocationDB|IP to GeoLocation DB]]** to the database path.
-Alternatively, you can edit the LSWS configuration file directly:
-<code> vi /usr/local/lsws/conf/httpd_config.xml</code>
-And add the following before ''<tuning>'':<code>
- <ipToGeo>
-    <geoipDB>
-      <geoipDBFile>/usr/share/GeoIP/GeoIP.dat</geoipDBFile>
-    </geoipDB>
- </ipToGeo>
-</code>
-==== IP2Location Database ====
-You can download the IP2Location Database from [[https://www.ip2location.com/|their website]] and configure the **IP2Location DB File Path** in the **IP2Location DB** section.
-===== Enable GeoIP in Apache Config or LSWS Native Setting==
-==== cPanel/WHM ====
-  * If using cPanel/WHM navigate to **WHM > Service Configuration > Apache Configuration > Include Editor > Pre Main Include** Select ''All Versions'' in the dropdown box and then add the following to the text box:<code>
-<IfModule LiteSpeed>
-GeoIPEnable On
-</IfModule>
-</code>
-==== LSWS (Native) ====
-  * If not using any control panel, navigate to **LSWS Web GUI > Configuration > Server > General**. Scroll to **Apache Style Configurations**, hit **edit** and add the following:<code>GeoIPEnable On</code>
-===== Testing =====
-On cPanel/WHM, you can add the following rewrite rules to your ''.htaccess'' file to control the redirect. In native LSWS, you can create a "/" context or other proper context and place the rewrite rules there.
-==== Example 1: Block wp-login.php from certain countries ====
-For example, to block WordPress ''wp-login.php'' or ''xmlrpc.php'' access from countries not in (GB|DK|US|IN):
-<code>
-<IfModule mod_geoip.c>
-RewriteEngine on
-RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(GB|DK|US|IN)$
-RewriteRule (wp-login|xmlrpc).php$ - [F,L]
-</IfModule>
-</code>
-When you access ''yourdomain.com/wp-login.php'' from AU or any other non GB|DK|US|IN country, you should see a 403 error.
-==== Example 2: Redirecting a client based on country ====
-This example shows you how to redirect a client based on the country code that GeoIP sets.
-  GeoIPEnable On
-  # Redirect one country
-  RewriteEngine on
-  RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^CA$
-  RewriteRule ^(.*)$ http://www.canada.com$1 [R,L]
-<code># Redirect multiple countries to a single page
-  RewriteEngine on
-  RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CA|US|MX)$
-  RewriteRule ^(.*)$ http://www.northamerica.com$1 [R,L]
-</code>
-Refer to [[http://dev.maxmind.com/geoip/legacy/mod_geoip2/#Redirecting_a_client_based_on_country|Maxmind]] for more rewrite examples.
-===== Troubleshooting =====
-==== ''GeoIPDBFile'' directive is for Apache, not LSWS ====
-In Apache, you can use ''GeoIPDBFile'' directive to define the database, however it can not be used for LiteSpeed. You should follow the beginning step of this wiki to define the databaes path from LSWS Web Admin Console or at LSWS configureation file directly.
-==== Why infinite redirect for my GeoIP rewrite Rules ====
-A user would like to setup GeoIP rules to direct traffic to main domain's subfolder based on IPs. The following rules have been set in .htaccess, however, it seems to come to redirect loop hence claimed GeoIP was not working properly.
-  RewriteEngine on
-  RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^US$
-  RewriteRule ^(.*)$ https://www.example.com/us/$1 [R,L]
-  RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^SG$
-  RewriteRule ^(.*)$ https://www.example.com/sg/$1 [R,L]
-  RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^MY$
-  RewriteRule ^(.*)$ https://www.example.com/my/$1 [R,L]
-If it came to a redirect loop, it means GeoIP module was actually working. How the redirect loop occurs? While for such subfolder redirect, you might need to be more careful. The reason you get a redirect error, is because the rules will be evaluated again after the redirect has been performed, so if you access ''/'' it gets redirected to e.g. ''/us'', then on ''/us'', it will be asked to redirect again to ''/us'' - and you end up with a loop. The fix is to add an additional condition to prevent this, such as ''RewriteCond %{REQUEST_URI} !^/us[NA]''. So what it does, is to only redirect to /us if country code from the GeoIP matches US and the request URI doesn't start with /us.
-The final rules should be:
-  RewriteEngine on
-  RewriteCond %{REQUEST_URI} !^/us [NC]
-  RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^US$
-  RewriteRule ^(.*)$ https://www.example.com/us/$1 [R,L]
-  RewriteCond %{REQUEST_URI} !^/sg [NC]
-  RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^SG$
-  RewriteRule ^(.*)$ https://www.example.com/sg/$1 [R,L]
-  RewriteCond %{REQUEST_URI} !^/my [NC]
-  RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^MY$
-  RewriteRule ^(.*)$ https://www.example.com/my/$1 [R,L]
-==== Please clarify what do you mean ''GeoIP not working''====
-Quite often we received report claiming ''GeoIP not working''. It is a little vague/confused that if ''GeoIP module not working''? or ''GeoIP rewrite rules do not work as expected''? You 'd better to clarify the above first before logging any ticket.
-''GeoIP module not working'' can be easily verified through the following (change the country code ''US'' to your country code accordingly):
-<code>
-  <IfModule mod_geoip.c>
-  RewriteEngine on
-  RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^US$
-  RewriteRule ^(.*)$ - [F,L]
-  </IfModule>
-</code>
-If it returns 404, then it means GeoIP module is actually working.
-''GeoIP rewrite rules do not work as expected" could be more complicated. You will need to check the rules to see any bug there, such as redirect loop. When needed, you can log a ticket with us with the rules set not working as expected and more detailed test example for us to take a further look.