The policies area is where you can manage Apache web server access policies.
• Server wide policies (the first domain entry labeled "server wide" in the policy grid) apply to all domains on the server and cannot be overwritten at the domain level (if you block a country server wide you cannot allow it for a single domain).
• Be careful not to block any search engines or third party APIs that your websites may use.
• Be careful when adding "allow" entries. Allow entries will only "allow" the countries, continents, or autonomous system numbers that you set. Any non-matching entities will be denied access.
• Because mod_maxminddb is an Apache module, the domains PHP handler must be set to use Apache otherwise geo-filtering will not work. Nginx proxy mode must also be set to proxy requests to Apache.
• Apache configurations use the "AuthMerging And" directive so that authorization logic is combined with that of the nearest predecessor. E.g. If you allow a certain country for a domain and the domain has an .htaccess requiring a username and password then BOTH options must be satisfied before access is granted.
• If a location has both a deny and allow policy for the same location then BOTH policies will have to be satisfied to allow access.
Geo-filtering can be enabled/disabled server wide or per domain by pressing the edit icon next to the server wide or the specific domain on the policies page. Disabling geo-filtering on a domain will disable all policies for that domain. There is a slight performance penalty with geo-filtering enabled (The geo-information has to be queried for every request) so you may only want to enable it on domains that require it.
| Column | Description |
|---|---|
| Created | The date that the domain was created. |
| Domain name | The domain name. |
| Customer | The customer that owns the domain. |
| Company | The company that owns the domain. |
| Geo filter | Enable or disable the mod_maxminddb module for the domain. |
Navigate to Juggernaut Firewall -> Policies and click on a domain to add a policy entry. If this is the first entry for the domain then geo-filtering will be automatically enabled.
The location option allows you match entire domain .* or for a single URI only. For example if we wanted to only allow certain countries to be able to login to wordpress we could set the location to /wp-login.php.
If we wanted to allow certain countries access to the wordpress admin backend then we could set the location to /wp-admin/.*. The location option supports basic regex and uses the Apache LocationMatch directive internally.
| Column | Description |
|---|---|
| Domain name | The domain that the entry applies to. |
| Location | The regular-expression matching URL. Uses LocationMatch |
| Action | deny - allow from all but deny the following entities. allow - deny from all but allow the following entities. |
| Entity | country, continent, or ASN (Autonomous System Number). |
| Content | The content. |
| Comment | An optional comment. |
| Enabled | Enable or disable this entry. |
To only allow users from North America to login to your wordpress:
Location: /wp-login.php
Action: allow
Entity: continent
Content: North AmericaTo only allow users on the Rogers network (ASN 812) to login to your wordpress admin area:
Location: /wp-admin/.*
Action: allow
Entity: ASN
Content: 812To deny China from accessing your entire domain:
Location: .*
Action: deny
Entity: country
Content: ChinaAfter the Apache mod_maxminddb module is loaded and geo-filtering is enabled then PHP has access to the geolocation information for any connecting IP address (Geo-information is stored in the $_SERVER array):
ASN_DB_NETWORK => 104.208.0.0/13
MM_ASORG => MICROSOFT-CORP-MSN-AS-BLOCK
MM_ASN => 8075
CITY_DB_NETWORK => 104.215.128.0/17
MM_COUNTRY_NAME => Singapore
MM_CONTINENT_NAME_EN => Asia
MM_COUNTRY_CODE => SG
MM_LATITUDE => 1.30360
MM_CONTINENT_CODE => AS
MM_LONGITUDE => 103.85540
MM_CITY_NAME => Singapore
MMDB_INFO => result found
MMDB_ADDR => 104.215.148.63Below is a PHP script that you can use to lookup the information for an IP address:
<?php
$maxmind = array(
'CITY_DB_NETWORK',
'MM_LATITUDE',
'MM_CONTINENT_CODE',
'MM_LONGITUDE',
'MM_CITY_NAME',
'MM_COUNTRY_NAME',
'MM_CONTINENT_NAME_EN',
'MM_COUNTRY_CODE',
'ASN_DB_NETWORK',
'MM_ASN',
'MM_ASORG',
'MMDB_INFO',
'MMDB_ADDR'
);
foreach ($_SERVER as $key => $value)
{
if (in_array($key, $maxmind))
{
echo $key .' => '. $value . '<br />';
}
}
?>Save the script to one of your domains as maxmind.php then access it using your browser https://www.example.com/maxmind.php:
ASN_DB_NETWORK => 104.208.0.0/13
MM_ASORG => MICROSOFT-CORP-MSN-AS-BLOCK
MM_ASN => 8075
CITY_DB_NETWORK => 104.215.128.0/17
MM_COUNTRY_NAME => Singapore
MM_CONTINENT_NAME_EN => Asia
MM_COUNTRY_CODE => SG
MM_LATITUDE => 1.30360
MM_CONTINENT_CODE => AS
MM_LONGITUDE => 103.85540
MM_CITY_NAME => Singapore
MMDB_INFO => result found
MMDB_ADDR => 104.215.148.63