Using mod_geoip to Improve Server Security and Fight Hackers

July 5, 2013 | Web Development

One of our eCommerce clients recently had an unpleasant experience with hackers. The hacker was trying to plant some code that would send customers' credit card information to a remote server in Russia. Luckily, we detected and fixed the issue within a day of the attack, and our client's servers are now secure. However, we then went on to take further steps and restrict our eCommerce front even further for any country that we do not ship to, or wish to ship to, directly.

Together with our client, we went over analytics, reviewed all online eCommerce business done globally, and identified that we only wish to show our eCommerce platform to 3 countries: US, CA, and UK. Anyone coming from a different country does not need to see our eCommerce site. So we drafted a nice little international contact form based on the onepager responsive theme from egrappler.com and made use of the cool mod_geoip Apache module, which can be installed via the EPEL repository. Here is how we configured it:

These lines are added to httpd.conf in a general area (outside of any <Directory> or <VirtualHost> sections):

Then, right below it, I have the <VirtualHost> setup, so we need to add RewriteEngine on and RewriteOptions inherit to any virtual host where we want the above redirect enforced. In our case that is all of them, see below:

That does it. Any traffic coming from anywhere in the world (or space) that is not coming from the USA, Canada, or United Kingdom will now be redirected to our international contact form, which resides under the /int/ subfolder of our main site.
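The two configuration steps described above, written out as an added example (this is not the original post's configuration, which did not survive on this page). The database path, host name, document root and 302 status are assumptions, and the module is assumed to be already loaded by the EPEL package.

```apache
# Added example: paths and host names below are assumptions, not the post's values.

# --- Global section of httpd.conf (outside any <Directory> / <VirtualHost>) ---
# Look up the country of every request and export it as GEOIP_COUNTRY_CODE.
GeoIPEnable On
# Assumed location of the country database; adjust to where your package puts it.
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat

RewriteEngine On
# Never redirect the contact form (or its assets), otherwise the redirect loops.
RewriteCond %{REQUEST_URI} !^/int/
# The variable holds the ISO 3166-1 alpha-2 code: the United Kingdom is GB, not UK.
# An address missing from the database leaves the variable empty, which also
# fails this allow-list, so unknown origins are sent to the contact form too.
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} !^(US|CA|GB)$
# Temporary redirect, so clients do not cache it if the country list changes.
RewriteRule ^ /int/ [R=302,L]

# --- Each virtual host that should enforce the redirect ---
<VirtualHost *:80>
    # Hypothetical host name and document root.
    ServerName shop.example.com
    DocumentRoot /var/www/shop

    # Virtual hosts do not pick up server-level rewrite rules by default;
    # both lines are needed for the global rules above to apply here.
    RewriteEngine On
    RewriteOptions Inherit
</VirtualHost>
```

The lookup is keyed on the address that connects to Apache, so behind a reverse proxy or CDN every visitor resolves to the proxy's country unless the real client address is passed through. Run `apachectl configtest` before reloading, then request a page from an address outside the allow-list to confirm the redirect to /int/.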

TIP: One of the best resources I have found for installing and setting up mod_geoip is by MaxMind.