Bii o ṣe le Fi Mod_GeoIP sii fun Afun ni RHEL ati CentOS

Mod_GeoIP jẹ modulu Apache kan ti o le lo lati gba ipo agbegbe ti adirẹsi IP ti alejo si oju opo wẹẹbu Apache. Atokun yii n gba ọ laaye lati pinnu orilẹ-ede alejo, iṣeto, ati ipo. O jẹ iwulo paapaa fun Ṣiṣẹpọ Ipolowo Geo, Akoonu Ifojusi, Ija Spam, Iwari Ẹtan, Atunṣe/Awọn alejo dena ti o da lori orilẹ-ede wọn ati pupọ diẹ sii.

Modulu GeoIP ngbanilaaye awọn alakoso eto lati ṣe atunṣe tabi dènà ijabọ wẹẹbu ni ibamu si ipo agbegbe ti alabara. A kọ ẹkọ ipo ilẹ-aye nipasẹ adirẹsi IP alabara.

Mod_GeoIP ni awọn ẹya oriṣiriṣi meji ọkan jẹ Ọfẹ ati ẹlomiran ni San ati lo awọn apoti isura data MaxMind GeoIP/GeoCity.

  1. Ẹya ọfẹ: Ninu ẹya ọfẹ, Geo data ati awọn apoti isura data Orilẹ-ede wa pẹlu 99.5% deede.
    2. Ẹya ti a sanwo: Ninu ẹya San, iwọ yoo gba awọn apoti isura data mejeeji pẹlu deede 99.8% pẹlu diẹ ninu awọn alaye to ti ni ilọsiwaju siwaju sii nipa adiresi IP.

Ti o ba fẹ lati ṣayẹwo awọn iyatọ diẹ sii laarin ẹya ọfẹ ati Owo sisan, jọwọ ṣẹwo si Maxmind.com.

Nkan yii ṣalaye bi o ṣe le ṣeto ati fi sori ẹrọ modulu Mod_GeoIP fun Apache ni RHEL ati CentOS ni lilo ibi ipamọ EPEL pẹlu iwulo oluṣakoso package YUM.

A ro pe o ti tẹlẹ ṣiṣe eto RHEL ati CentOS pẹlu LAMP ti n ṣiṣẹ (Linux, Apache, MySQL, ati PHP) iṣeto. Ti kii ba ṣe bẹ, lẹhinna ka awọn nkan wa nibiti a ti fihan fifi sori ẹrọ ti awọn ọna ṣiṣe mejeeji pẹlu atupa.

  1. Fifi sori ẹrọ ti CentOS 7 Pọọku.
  2. Fifi sori ẹrọ ti CentOS 8 Pọọku.

    Bii a ṣe le Fi atupa (Linux, Apache, MySQL, PHP) sori RHEL ati CentOS 7 Bii a ṣe le Fi Afun, MySQL/MariaDB, ati PHP sori RHEL ati CentOS 8

Nipa aiyipada mod_Geoip ko si labẹ ibi ipamọ osise RHEL/CentOS, nitorinaa a nilo lati fi sori ẹrọ ati muu ibi ipamọ EPEL ẹgbẹ kẹta ṣiṣẹ.

# yum install epel-release
# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm  [On RHEL 8]

Lọgan ti o ba ti fi ibi ipamọ EPEL ṣiṣẹ lori eto rẹ, o le fi sori ẹrọ mod_geoip nirọrun nipa ṣiṣe pipaṣẹ atẹle pẹlu awọn idii igbẹkẹle wọn.

# yum install mod_geoip GeoIP GeoIP-devel GeoIP-data zlib-devel

O jẹ imọran ti o dara lati gba lati ayelujara tuntun Geo City ati Orilẹ-ede Orilẹ-ede lati wa ni imudojuiwọn.

# cd /usr/share/GeoIP/
# mv GeoIP.dat GeoIP.dat_org
# wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
# wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
# gunzip GeoLite2-Country.tar.gz
# gunzip GeoLite2-City.tar.gz

Lẹhin ti o ti fi sori ẹrọ module naa, ṣii ati ṣatunkọ faili iṣeto akọkọ ti module, pẹlu olootu ọrọ laini aṣẹ bi vi, ki o muu mu olupin gbogbogbo ṣiṣẹ, bi a ti ṣe apejuwe ninu iyasọtọ isalẹ.

# vi /etc/httpd/conf.d/geoip.conf

Ṣeto laini GeoIPEnable lati Paa si Tan-an. Pẹlupẹlu, rii daju pe o ṣafikun ọna to pe si faili data data GeoIP.

<IfModule mod_geoip.c>
GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat MemoryCache
</IfModule>

Tun iṣẹ Apache tun bẹrẹ lati ṣe afihan awọn ayipada.

# systemctl restart httpd
OR
# service httpd restart

Sibẹsibẹ, a ko ṣe iṣeduro lati tan olupin module GeoIP jakejado. O yẹ ki o mu ki module module GeoIP ṣiṣẹ nikan ni > tabi awọn bulọọki nibiti iwọ yoo ṣe itọsọna itọsọna gangan tabi bulọọki.

Lati ṣe idanwo module mod_geoip n ṣiṣẹ ni deede pẹlu Apache, a nilo lati ṣẹda faili PHP kan ti a pe ni testgeoip.php labẹ itọsọna root Apache (fun apẹẹrẹ/var/www/html).

# vi /var/www/html/testgeoip.php

Fi nkan ti koodu php atẹle si si.

<html>
<head>
  <title>What is my IP address - determine or retrieve my IP address</title>
 </head>
<body>
 <?php
     if (getenv(HTTP_X_FORWARDED_FOR)) {
        $pipaddress = getenv(HTTP_X_FORWARDED_FOR);
        $ipaddress = getenv(REMOTE_ADDR);
        echo "Your Proxy IP address is : ".$pipaddress. " (via $ipaddress) " ;
    } else {
        $ipaddress = getenv(REMOTE_ADDR);
        echo "Your IP address is : $ipaddress";
    }
    $country = getenv(GEOIP_COUNTRY_NAME);
    $country_code = getenv(GEOIP_COUNTRY_CODE);
    echo "<br/>Your country : $country ( $country_code ) ";
?>
</body>
</html>

Bayi, gbiyanju lati pe faili naa nipa lilo ẹrọ lilọ kiri lori ayelujara (fun apẹẹrẹ http://localhost/testgeoip.php). Iwọ yoo gba adiresi IP rẹ ati awọn alaye Orilẹ-ede.

Ibi ipamọ data GeoIP ti ni imudojuiwọn ibẹrẹ ti gbogbo oṣu. Nitorinaa, o ṣe pataki pupọ lati tọju ibi ipamọ data GeoIP ni imudojuiwọn. Lati ṣe igbasilẹ ẹya tuntun ti ibi ipamọ data lo pipaṣẹ atẹle.

# cd /usr/share/GeoIP/
# mv GeoIP.dat GeoIP.dat_org
# wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
# wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
# gunzip GeoLite2-Country.tar.gz
# gunzip GeoLite2-City.tar.gz

A ti kọ iwe afọwọkọ ikarahun kekere kan ti yoo ṣe igbasilẹ ẹya tuntun ti ipilẹ data GeoIP laifọwọyi ni gbogbo oṣu. Kan gbe eyikeyi ti iwe atẹle wọnyi labẹ /etc/cron.monthly.

# Automatic GeoIP Database Update
#!/bin/sh
cd /usr/share/GeoIP
mv GeoIP.dat GeoIP.dat_org
wget -q http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
gzip -d -f GeoLite2-Country.tar.gz
#!/bin/sh

GEOIP_MIRROR="http://geolite.maxmind.com/download/geoip/database"
GEOIPDIR=/usr/share/GeoIP
TMPDIR=

DATABASES="GeoLiteCity GeoLiteCountry/GeoIP asnum/GeoIPASNum GeoIPv6"

if [ -d "${GEOIPDIR}" ]; then
        cd $GEOIPDIR
        if [ -n "${DATABASES}" ]; then
                TMPDIR=$(mktemp -d geoipupdate.XXXXXXXXXX)

                echo "Updating GeoIP databases..."

                for db in $DATABASES; do
                        fname=$(basename $db)

                        wget --no-verbose -t 3 -T 60 "${GEOIP_MIRROR}/${db}.dat.gz" -O "${TMPDIR}/${fname}.dat.gz"
                        gunzip -fdc "${TMPDIR}/${fname}.dat.gz" > "${TMPDIR}/${fname}.dat"
                        mv "${TMPDIR}/${fname}.dat" "${GEOIPDIR}/${fname}.dat"
                        chmod 0644 "${GEOIPDIR}/${fname}.dat"
                done
                [ -d "${TMPDIR}" ] && rm -rf $TMPDIR
        fi
fi

Koodu apẹẹrẹ ti isalẹ yoo ṣe atunṣe awọn olumulo ti o da lori koodu orilẹ-ede ti a ṣeto si AS (Asia). Ni ọna yii o le ṣe atunṣe eyikeyi awọn olumulo ti o da lori koodu agbegbe wọn.

GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat

# Redirect one country
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^AS$
RewriteRule ^(.*)$ https://linux-console.net$1 [R,L]

Apẹẹrẹ yii yoo dènà awọn olumulo ti o da lori koodu orilẹ-ede ti GeoIP ṣeto. Apẹẹrẹ ti isalẹ yoo dẹkun awọn olumulo lati awọn orilẹ-ede AS (Asia) ati AMẸRIKA (Amẹrika).

GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat

SetEnvIf GEOIP_COUNTRY_CODE AS BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE US BlockCountry
# ... place more countries here

Deny from env=BlockCountry

Apẹẹrẹ isalẹ yii yoo gba awọn olumulo laaye nikan lati awọn orilẹ-ede ti a mẹnuba ni isalẹ.

GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat

SetEnvIf GEOIP_COUNTRY_CODE AS AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry
# ... place more countries here

Deny from all
Allow from env=AllowCountry

Fun alaye diẹ sii nipa mod_geoip ati lilo rẹ ni a le rii ni http://www.maxmind.com/app/mod_geoip. Ti o ba ni iṣoro eyikeyi ni siseto modulu mod_geoip kan, jọwọ jẹ ki a mọ nipasẹ awọn asọye ati jọwọ maṣe gbagbe lati pin pẹlu awọn ọrẹ rẹ.