Sidehistorik
| Tip |
|---|
This is Work-in-progress - the Geofencing works, but the rest needs some tweaking regading the bind part |
I looked everywhere for good Apache2 or Nginx possibilities - no real luck; in generelt its was old, deprecated or just way to complications - OR part of an Enterprice (=payable) pack.
Then I fell over https://wetmore.ca/ip/ and downloaded the file.
And replaced my trusted long time friend Apache2 with HaProxy HAProxy - see also: https://www.haproxy.com/documentation/haproxy-configuration-tutorials/security/traffic-policing/
My HAPRoxy HAProxy Docker:
| Kodeblok |
|---|
version: '3.4'
services:
haproxy:
image: haproxy
ports:
- 80:80
- 443:443
environment:
- TZ=Europe/Copenhagen
volumes:
- /data/haproxy/:/usr/local/etc/haproxy:ro |
...
Blocking (a part of) IP-Addresses from CN -China, RU -Russia, IR - Iran, KP - North Korea
And a short script to update the file (via /etc/crontab):
| Kodeblok | ||
|---|---|---|
| ||
#!/bin/bash
cd /data/haproxy
cp haproxy_geo_ip.txt haproxy_geo_ip.txt.1
cd /data/haproxy/tmp
rm haproxy_geo_ip.txt
wget https://wetmore.ca/ip/haproxy_geo_ip.txt
if [ $? -eq 0 ]
then
if [ -s haproxy_geo_ip.txt ]
then
cp haproxy_geo_ip.txt /data/haproxy
fi
fi |
The if's check if wget exited ok - got a file and if the filesize is not 0 (zero)