Apache2 GeoIP Module For Blocking Unwanted HTTP POSTs

June 13th, 2010

For some time I've used mod_spamhaus to block comment spam, similar to how I deflect email spam. I'm OK with this because it only blocks POST, PUT, DELETE, and CONNECT requests, not GET requests.

Still, email spam is different than comment spam, so I setup mod_geoip to block users from anonymous proxies (that's the "A1" in the rewrite rule below). I'm also tracking countries codes in the logs to see if I can find out where most of the POSTs are coming from.

GeoIP Module Setup

<IfModule mod_geoip.c>
  GeoIPEnable On
  GeoIPDBFile /usr/share/GeoIP/GeoIP.dat MMapCache
  GeoIPOutput All
  GeoIPScanProxyHeaders On

Access Control

RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(A1)$
RewriteRule . - [F,L]


LogFormat "\"%{X-FORWARDED-FOR}i\" \"%{PROXY-CONNECTION}i\" \"%{HTTP-PC-REMOTE-ADDR}i\" \"%{GEOIP_COUNTRY_CODE}e\" \"%r\"" proxy_info


What's extra cool is that NGINX has this capability too! Its even built into the latest debian package:

    ./configure --conf-path=/etc/nginx/nginx.conf \
        --error-log-path=/var/log/nginx/error.log \
        --pid-path=/var/run/ \
        --lock-path=/var/lock/nginx.lock \
        --http-log-path=/var/log/nginx/access.log \
        --http-client-body-temp-path=/var/lib/nginx/body \
        --http-proxy-temp-path=/var/lib/nginx/proxy \
        --http-fastcgi-temp-path=/var/lib/nginx/fastcgi \
        --with-debug \
        --with-http_stub_status_module \
        --with-http_flv_module \
        --with-http_ssl_module \
        --with-http_dav_module \
        --with-http_gzip_static_module \
        --with-http_realip_module \
        --with-mail \
        --with-mail_ssl_module \
        --with-ipv6 \
        --with-http_geoip_module \

Oh cool - it has the static gzip module too!

Yearly Indexes: 2003 2004 2006 2007 2008 2009 2010 2011 2012 2013 2015 2019 2020 2022