Ask Your Question

puppet apache geoip blockcountry

asked 2014-04-09 06:59:11 -0600

RobN gravatar image

updated 2014-04-09 13:52:36 -0600

If I am going to do something like insert block countries in my apache restricted list.

I could modify a template (I am a little shy of the ruby, but do need to learn), insert into a conf.d file with a .pp, or manage a conf.d file that contains this:

<IfModule mod_geoip.c>
    GeoIPEnable On
    SetEnvIf GEOIP_COUNTRY_CODE IR BlockCountry # Iran
    SetEnvIf GEOIP_COUNTRY_CODE CU BlockCountry # Cuba
    SetEnvIf GEOIP_COUNTRY_CODE SY BlockCountry # Syria
    SetEnvIf GEOIP_COUNTRY_CODE SD BlockCountry # Sudan
    SetEnvIf GEOIP_COUNTRY_CODE SS BlockCountry # South Sudan
    SetEnvIf GEOIP_COUNTRY_CODE KP BlockCountry # North Korea
    <Directory />
        Deny from env=BlockCountry

Or probably a million ... (more)

edit retag flag offensive close merge delete


It is not the law where I live ;-)

ffrank gravatar imageffrank ( 2014-04-09 07:48:27 -0600 )edit

Ha, true that, still is a very common practice.

RobN gravatar imageRobN ( 2014-04-09 08:13:24 -0600 )edit

1 Answer

Sort by ยป oldest newest most voted

answered 2014-04-09 07:53:48 -0600

ffrank gravatar image

updated 2014-04-09 12:03:30 -0600

Have some untested code :-)

define apache::block_countries($list) {
  file { "/etc/apache2/conf.d/${title}.conf": content => template("apache/block_countries.erb");

# usage e.g.
apache::block_countries { "default-countries": list => [ "IR", "CU", "SS" ] }

Your template could look like this:

# This config file is managed by puppet! Changes will be overwritten!
<ifmodule mod_geoip.c="">
GeoIPEnable On
<% @list.each do |code| -%>
SetEnvIf GEOIP_COUNTRY_CODE <%= code %> BlockCountry
<% end -%>

Hope this will get you started.

edit flag offensive delete link more


Thank you so much. Since this should be in everyone's code it would be nice to get it into the default apache module. I will plug in and test ...(more)

RobN gravatar imageRobN ( 2014-04-09 08:06:07 -0600 )edit

one quick thing, I believe the erb should contain GEOIP _ COUNTRY _ CODE and not GEOIPCOUNTRYCODE. It was a copy and paste problem I guess the default for "_ ...(more)

RobN gravatar imageRobN ( 2014-04-09 08:18:44 -0600 )edit

Yes, you may want to edit your question and wrap the configs into code blocks.

ffrank gravatar imageffrank ( 2014-04-09 12:03:06 -0600 )edit

Thanks for all your help ffrank. I have been thrown into being a puppet master as well as a DAM master an Atlassian expert, etc and I am quickly trying ...(more)

RobN gravatar imageRobN ( 2014-04-09 13:54:06 -0600 )edit

Glad to be of assistance. If this was of help, you can always mark as correct *hint* *hint* ;-)

ffrank gravatar imageffrank ( 2014-04-09 14:10:29 -0600 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools


Asked: 2014-04-09 06:59:11 -0600

Seen: 175 times

Last updated: Apr 09 '14