This is an old revision of the document!


GeoLocation support (GEOIP) for LiteSpeed Web Server

LSCache supports GEOIP.

For LSWS v5.2.x and earlier, only the MaxMind Legacy Database .dat is supported. As of LSWS v5.3RC2, LSWS supports the MaxMind GeoIP2 format database, .mmdb. The database path configuration is in the same location as the legacy DB (Configuration > Server > General > General settings > IP to GeoLocation DB), then set the database path to either .dat or .mmdb.

There are two sections in the LSWS WEB Admin Console settings: IP to GeoLocation DB and IP2Location DB. Both the MaxMind legacy db and MaxMind GeoIP2 db should use the IP to GeoLocation DB section. Don't use IP2Location DB for MaxMind GeoIP2 database since IP2Location DB is meant for the IP2Location database. You should only use one location database at a time.

To setup and enable GeoIP on LSWS, you will need to choose one database, download and install the database to a directory, setup the database path in LSWS Admin, enable GeoIP through the Apache configuration or LSWS native, then finally run some tests.

You will need to choose only one database to be used for your GeoIP: MaxMind GeoIP2, MaxMind Legacy Database, or IP2location database. Then, set up the right database path in the appropriate section in the LSWS Web Admin Console.

MaxMind GeoIP2 Database

Download and Install Database

Let's assume that you will store the DB in /usr/share/GeoIP/.

Download the free database from https://dev.maxmind.com/geoip/geoip2/geolite2/:

wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
tar -zxvf GeoLite2-Country.tar.gz

Then, move the file GeoLite2-Country.mmdb to

/usr/share/GeoIP/GeoLite2-Country.mmdb

Set up Database File Path and Name

In LSWS WebAdmin, configure the database location and name(Both DB File Path and DB Name are mandatory and can not be empty). Your choice of DB name is important: you must use COUNTRY_DB for a country database, and CITY_DB for a city database. Navigate to Configuration > Server > General > General settings and set IP to GeoLocation DB to the database path. Then set DB Name to COUNTRY_DB or CITY_DB. Environment Variables and Notes are optional.

Alternately, you can edit the LSWS configuration file directly:

 vi /usr/local/lsws/conf/httpd_config.xml

And add the following before <tuning>:

 <ipToGeo>
    <geoipDB>
      <geoipDBFile>/usr/share/GeoIP/GeoLite2-Country.mmdb</geoipDBFile>
      <geoipDBName>COUNTRY_DB</geoipDBName>
    </geoipDB>
 </ipToGeo>
  

GEOIP2 Envirment Variables

Our default list is:

"GEOIP_COUNTRY_CODE", "/country/iso_code" 
"GEOIP_CONTINENT_CODE", "/continent/code" 
"GEOIP_REGION", "/subdivisions/0/iso_code"
"GEOIP_METRO_CODE", "/location/metro_code"
"GEOIP_LATITUDE", "/location/latitude"
"GEOIP_LONGITUDE", "/location/longitude"
"GEOIP_POSTAL_CODE", "/postal/code"
"GEOIP_CITY", "/city/names/en"

You can customize the configuration to add the environment variables you want. For example, you can add the following.

GEOIP_REGION_NAME CITY_DB/subdivisions/0/names/en

Please make sure the correct entry name is used. For example, the following is incorrect.

GEOIP_REGION_NAME CITY_DB/subdivisions/0/name/en

MaxMind Legacy Database

Install MaxMind Legacy Database

There are a few ways to install a MaxMind Legacy Database: through rpm packages install, or through direct download. For example, for a CentOS user:

Install GeoIP database.

yum install GeoIP

Also check the installation location:

rpm -ql GeoIP

It may return the database path as

/usr/share/GeoIP/GeoIP.dat

Alternatively, you can just download the database yourself directly.

NOTE: On January 2, 2019, MaxMind discontinued the GeoLite Legacy databases. GeoLite Legacy databases are no longer available for download.

Setup Database File Path

In LSWS WebAdmin, configure the database location: Navigate to Configuration > Server > General > General settings and set IP to GeoLocation DB to the database path.

Alternatively, you can edit the LSWS configuration file directly:

 vi /usr/local/lsws/conf/httpd_config.xml

And add the following before <tuning>:

 <ipToGeo>
    <geoipDB>
      <geoipDBFile>/usr/share/GeoIP/GeoIP.dat</geoipDBFile>
    </geoipDB>
 </ipToGeo>

IP2Location Database

You can download the IP2Location Database from their website and configure the IP2Location DB File Path in the IP2Location DB section.

cPanel/WHM

  • If using cPanel/WHM navigate to WHM > Service Configuration > Apache Configuration > Include Editor > Pre Main Include Select All Versions in the dropdown box and then add the following to the text box:
    <IfModule LiteSpeed>
    GeoIPEnable On
    </IfModule>

LSWS (Native)

  • If not using any control panel, navigate to LSWS Web GUI > Configuration > Server > General. Scroll to Apache Style Configurations, hit edit and add the following:
    GeoIPEnable On

On cPanel/WHM, you can add the following rewrite rules to your .htaccess file to control the redirect. In native LSWS, you can create a “/” context or other proper context and place the rewrite rules there.

Example 1: Block wp-login.php from certain countries

For example, to block WordPress wp-login.php or xmlrpc.php access from countries not in (GB|DK|US|IN):

<IfModule mod_geoip.c>
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(GB|DK|US|IN)$
RewriteRule (wp-login|xmlrpc).php$ - [F,L]
</IfModule>

When you access yourdomain.com/wp-login.php from AU or any other non GB|DK|US|IN country, you should see a 403 error.

Example 2: Redirecting a client based on country

This example shows you how to redirect a client based on the country code that GeoIP sets.

GeoIPEnable On
# Redirect one country
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^CA$
RewriteRule ^(.*)$ http://www.canada.com$1 [R,L]
# Redirect multiple countries to a single page
  RewriteEngine on
  RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(CA|US|MX)$
  RewriteRule ^(.*)$ http://www.northamerica.com$1 [R,L]

Refer to Maxmind for more rewrite examples.

''GeoIPDBFile'' directive is for Apache, not LSWS

In Apache, you can use GeoIPDBFile directive to define the database, however it cannot be used for LiteSpeed. You should follow the beginning steps in this wiki to define the database path from LSWS Web Admin Console or the LSWS configuration file directly.

GeoIP Rewrite Rules Infinite Loop

A user would like to set up GeoIP rules to direct traffic to the main domain's subfolder based on IP. The following rules have been set in .htaccess, however, it seems to cause a redirect loop.

RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^US$
RewriteRule ^(.*)$ https://www.example.com/us/$1 [R,L]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^SG$
RewriteRule ^(.*)$ https://www.example.com/sg/$1 [R,L]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^MY$
RewriteRule ^(.*)$ https://www.example.com/my/$1 [R,L]

The redirect loop actually indicates the the GeoIP module is working.

The redirect error happens because the rules are evaluated again after the redirect is performed. So, if you access /, and it gets redirected to e.g. /us, then on /us, it will be asked to redirect again to /us - and you end up with a loop. The fix is to add an additional condition to prevent this, such as RewriteCond %{REQUEST_URI} !^/us[NA]. This way, you only redirect to /us if the country code from GeoIP matches US and the request URI doesn't already start with /us.

The final rules should be:

RewriteEngine on
RewriteCond %{REQUEST_URI} !^/us [NC]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^US$
RewriteRule ^(.*)$ https://www.example.com/us/$1 [R,L]
RewriteCond %{REQUEST_URI} !^/sg [NC]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^SG$
RewriteRule ^(.*)$ https://www.example.com/sg/$1 [R,L]
RewriteCond %{REQUEST_URI} !^/my [NC]
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^MY$
RewriteRule ^(.*)$ https://www.example.com/my/$1 [R,L]

Be more specific than "GeoIP not working"

Quite often we receive a report claiming that “GeoIP is not working”“. This is too vague. Is the GeoIP module note working? Or are the GeoIP rewrite rules not working as expected? It's best to clarify before logging any ticket.

Whether the GeoIP module is working can be easily verified through the following (change the country code US to your country code accordingly):

  <IfModule mod_geoip.c>
  RewriteEngine on
  RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^US$
  RewriteRule ^(.*)$ - [F,L]
  </IfModule>

If it returns 403 forbidden, then it means the GeoIP module is actually working.

GeoIP rewrite rules that do not work as expected may be more complicated. You will need to check the rules to look for issues such as a redirect loop. When needed, you can log a ticket with us. Let us know the rules set is not working as expected, and provide a more detailed test example for us to take a further look.

  • Admin
  • Last modified: 2019/04/16 14:00
  • by Jackson Zhang