Ask Your Question
0

puppet apache geoip blockcountry

asked 2014-04-09 06:59:11 -0500

RobN gravatar image

updated 2014-04-09 13:52:36 -0500

If I am going to do something like insert block countries in my apache restricted list.

I could modify a template (I am a little shy of the ruby, but do need to learn), insert into a conf.d file with a .pp, or manage a conf.d file that contains this:

<IfModule mod_geoip.c>
    GeoIPEnable On
    SetEnvIf GEOIP_COUNTRY_CODE IR BlockCountry # Iran
    SetEnvIf GEOIP_COUNTRY_CODE CU BlockCountry # Cuba
    SetEnvIf GEOIP_COUNTRY_CODE SY BlockCountry # Syria
    SetEnvIf GEOIP_COUNTRY_CODE SD BlockCountry # Sudan
    SetEnvIf GEOIP_COUNTRY_CODE SS BlockCountry # South Sudan
    SetEnvIf GEOIP_COUNTRY_CODE KP BlockCountry # North Korea
    <Directory />
        Deny from env=BlockCountry
    </Directory>
</IfModule>

Or probably a million ... (more)

edit retag flag offensive close merge delete

Comments

It is not the law where I live ;-)

ffrank gravatar imageffrank ( 2014-04-09 07:48:27 -0500 )edit

Ha, true that, still is a very common practice.

RobN gravatar imageRobN ( 2014-04-09 08:13:24 -0500 )edit

1 Answer

Sort by ยป oldest newest most voted
1

answered 2014-04-09 07:53:48 -0500

ffrank gravatar image

updated 2014-04-09 12:03:30 -0500

Have some untested code :-)

define apache::block_countries($list) {
  file { "/etc/apache2/conf.d/${title}.conf": content => template("apache/block_countries.erb");
}

# usage e.g.
apache::block_countries { "default-countries": list => [ "IR", "CU", "SS" ] }

Your template could look like this:

# This config file is managed by puppet! Changes will be overwritten!
<ifmodule mod_geoip.c="">
GeoIPEnable On
<% @list.each do |code| -%>
SetEnvIf GEOIP_COUNTRY_CODE <%= code %> BlockCountry
<% end -%>
</ifmodule>

Hope this will get you started.

edit flag offensive delete link more

Comments

Thank you so much. Since this should be in everyone's code it would be nice to get it into the default apache module. I will plug in and test ...(more)

RobN gravatar imageRobN ( 2014-04-09 08:06:07 -0500 )edit

one quick thing, I believe the erb should contain GEOIP _ COUNTRY _ CODE and not GEOIPCOUNTRYCODE. It was a copy and paste problem I guess the default for "_ ...(more)

RobN gravatar imageRobN ( 2014-04-09 08:18:44 -0500 )edit

Yes, you may want to edit your question and wrap the configs into code blocks.

ffrank gravatar imageffrank ( 2014-04-09 12:03:06 -0500 )edit

Thanks for all your help ffrank. I have been thrown into being a puppet master as well as a DAM master an Atlassian expert, etc and I am quickly trying ...(more)

RobN gravatar imageRobN ( 2014-04-09 13:54:06 -0500 )edit

Glad to be of assistance. If this was of help, you can always mark as correct *hint* *hint* ;-)

ffrank gravatar imageffrank ( 2014-04-09 14:10:29 -0500 )edit

Your Answer

Please start posting anonymously - your entry will be published after you log in or create a new account.

Add Answer

Question Tools

Stats

Asked: 2014-04-09 06:59:11 -0500

Seen: 143 times

Last updated: Apr 09 '14