This is work-in-progress - the geofencing works, but the rest needs some tweaking regarding the bind part.
I looked everywhere for good Apache2 or Nginx possibilities - no luck; in general it was old, deprecated or just way too complicated.
Then I fell over https://wetmore.ca/ip/ and downloaded the file.
And replaced Apache2 with HAProxy - see also: https://www.haproxy.com/documentation/haproxy-configuration-tutorials/security/traffic-policing/
My HAProxy Docker:
version: '3.4'
services:
  haproxy:
    image: haproxy
    ports:
      - 80:80
      - 443:443
    environment:
      - TZ=Europe/Copenhagen
    volumes:
      - /data/haproxy/:/usr/local/etc/haproxy:ro
A sample of my HAProxy config:
defaults
    timeout connect 30s
    timeout client 1m
    timeout server 1m

frontend confluence
    bind *:443 name www.mos-eisley.dk ssl crt /usr/local/etc/haproxy/wildcard.mos-eisley.dk.crt
    mode http
    option forwardfor
    option http-server-close
    log global
    option httplog
    maxconn 150
    # Look up the client source IP in the geo map and match the returned
    # country code against the blocked countries (case-insensitive regex)
    acl acl_geoloc_block src,map_ip(/usr/local/etc/haproxy/haproxy_geo_ip.txt) -m reg -i (CN|RU|IR)
    # Drop matching connections without sending any response to the client
    http-request silent-drop if acl_geoloc_block
    use_backend confluence_backend

backend confluence_backend
    log global
    mode http
    balance roundrobin
    option httpchk
    http-check send meth GET uri /status
    http-check expect string RUNNING
    cookie confluence insert indirect nocache
    server confluence 77.243.53.199:8090 check cookie confluence
Blocking (a part of) IP addresses from CN - China, RU - Russia
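
To check which source addresses the acl_geoloc_block rule would drop before reloading HAProxy, the lookup can be modelled offline. This is an added example, not part of the original setup: it assumes haproxy_geo_ip.txt holds one "network country-code" pair per line, models map_ip as a most-specific-prefix lookup, and uses constructed sample data and hypothetical function names.

```python
import ipaddress
import re

# Constructed sample in the assumed "network country-code" layout (documentation ranges only).
SAMPLE_MAP = """\
# constructed sample, not real geo data
192.0.2.0/24 CN
198.51.100.0/24 DK
203.0.113.0/24 US
203.0.113.128/25 ru
"""

# Same pattern as the ACL; "-m reg -i" is an unanchored, case-insensitive search.
BLOCK_RE = re.compile(r"(CN|RU|IR)", re.IGNORECASE)

def load_map(text):
    """Parse map lines into (network, value) pairs, skipping blanks and comments."""
    entries = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            raise ValueError(f"line {lineno}: expected '<network> <country>'")
        entries.append((ipaddress.ip_network(parts[0], strict=False), parts[1].strip()))
    return entries

def lookup(entries, src):
    """Return the value of the most specific network containing src, or None."""
    addr = ipaddress.ip_address(src)
    best = None
    for net, value in entries:
        if net.version == addr.version and addr in net:
            if best is None or net.prefixlen > best[0].prefixlen:
                best = (net, value)
    return best[1] if best else None

def would_drop(entries, src):
    """True when acl_geoloc_block would match, so silent-drop applies."""
    country = lookup(entries, src)
    return country is not None and BLOCK_RE.search(country) is not None

if __name__ == "__main__":
    geo = load_map(SAMPLE_MAP)  # for a real check, read the downloaded map file instead
    for ip in ("192.0.2.10", "198.51.100.7", "203.0.113.200", "10.0.0.1"):
        print(ip, lookup(geo, ip), "DROP" if would_drop(geo, ip) else "pass")
```

Because the regex is unanchored, it only acts as an exact country match while the map values are bare two-letter codes; an address with no map entry yields no value and is not dropped.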