puppet apache geoip blockcountry

asked 2014-04-09 06:59:11 -0600

RobN

updated 2014-04-09 13:52:36 -0600

If I am going to do something like insert block countries in my apache restricted list.

I could modify a template (I am a little shy of the ruby, but do need to learn), insert into a conf.d file with a .pp, or manage a conf.d file that contains this:

<IfModule mod_geoip.c>
    GeoIPEnable On
    SetEnvIf GEOIP_COUNTRY_CODE IR BlockCountry # Iran
    SetEnvIf GEOIP_COUNTRY_CODE CU BlockCountry # Cuba
    SetEnvIf GEOIP_COUNTRY_CODE SY BlockCountry # Syria
    SetEnvIf GEOIP_COUNTRY_CODE SD BlockCountry # Sudan
    SetEnvIf GEOIP_COUNTRY_CODE SS BlockCountry # South Sudan
    SetEnvIf GEOIP_COUNTRY_CODE KP BlockCountry # North Korea
    <Directory />
        Deny from env=BlockCountry

Or probably a million ... (more)

It is not the law where I live ;-)

ffrank ( 2014-04-09 07:48:27 -0600 )

Ha, true that, still is a very common practice.

RobN ( 2014-04-09 08:13:24 -0600 )

1 Answer

answered 2014-04-09 07:53:48 -0600

ffrank

updated 2014-04-09 12:03:30 -0600

Have some untested code :-)

# $list is an array of two-letter country codes; $title names the conf.d file
define apache::block_countries($list) {
  file { "/etc/apache2/conf.d/${title}.conf":
    content => template("apache/block_countries.erb"),
  }
}

# usage e.g.
apache::block_countries { "default-countries": list => [ "IR", "CU", "SS" ] }

Your template could look like this:

# This config file is managed by puppet! Changes will be overwritten!
<IfModule mod_geoip.c>
GeoIPEnable On
<% @list.each do |code| -%>
SetEnvIf GEOIP_COUNTRY_CODE <%= code %> BlockCountry
<% end -%>
<Directory />
Deny from env=BlockCountry
</Directory>
</IfModule>

Hope this will get you started.

Thank you so much. Since this should be in everyone's code it would be nice to get it into the default apache module. I will plug in and test ...(more)

RobN ( 2014-04-09 08:06:07 -0600 )

One quick thing, I believe the erb should contain GEOIP_COUNTRY_CODE and not GEOIPCOUNTRYCODE. It was a copy and paste problem I guess the default for "_ ...(more)

RobN ( 2014-04-09 08:18:44 -0600 )

Yes, you may want to edit your question and wrap the configs into code blocks.

ffrank ( 2014-04-09 12:03:06 -0600 )

Thanks for all your help, ffrank. I have been thrown into being a puppet master as well as a DAM master, an Atlassian expert, etc., and I am quickly trying ...(more)

RobN ( 2014-04-09 13:54:06 -0600 )

Glad to be of assistance. If this was of help, you can always mark as correct *hint* *hint* ;-)

ffrank ( 2014-04-09 14:10:29 -0600 )
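
One way to check the answer's untested template outside Puppet, as an added example that is not code from the original posts: it renders the template with plain Ruby ERB and rejects any list entry that is not a two-letter uppercase code, so a stray value cannot end up as extra text in the Apache config. `BlockCountries` and `render_block_countries` are hypothetical names, plain ERB with trim mode `-` stands in for Puppet's template scope, and the `<Directory />` block is taken from the question's config.

```ruby
require 'erb'

# Template from the answer, closed with the Directory/Deny block from the question.
TEMPLATE = <<~'ERB'
  # This config file is managed by puppet! Changes will be overwritten!
  <IfModule mod_geoip.c>
  GeoIPEnable On
  <% @list.each do |code| -%>
  SetEnvIf GEOIP_COUNTRY_CODE <%= code %> BlockCountry
  <% end -%>
  <Directory />
  Deny from env=BlockCountry
  </Directory>
  </IfModule>
ERB

# Hypothetical helper (not part of Puppet): exposes @list to the template the
# way a define's $list parameter would be, after validating every entry.
class BlockCountries
  # Assumption: a valid entry is exactly two uppercase ASCII letters.
  ISO_ALPHA2 = /\A[A-Z]{2}\z/

  def initialize(list)
    codes = Array(list)
    bad = codes.reject { |c| c.is_a?(String) && c.match?(ISO_ALPHA2) }
    raise ArgumentError, "invalid country code(s): #{bad.inspect}" unless bad.empty?
    # De-duplicate and sort so the rendered file is stable between runs.
    @list = codes.uniq.sort
  end

  def render
    # Trim mode '-' makes the "-%>" tags swallow the newline that follows them.
    ERB.new(TEMPLATE, trim_mode: '-').result(binding)
  end
end

def render_block_countries(list)
  BlockCountries.new(list).render
end

# Constructed sample input: the list from the answer's usage line.
puts render_block_countries(%w[IR CU SS]) if __FILE__ == $PROGRAM_NAME
```
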
