
GeoIP: How to manage web traffic on an Amazon load balancer or block web access from a country

Recently we had an issue with the nodes added to the load balancers due to heavy traffic. Server load became high during peak time, and we identified that most of the busy traffic was being used for spamming and marketing purposes. We were also getting a lot of referral traffic from banned countries, as shown below:

1. Russia
2. Israel
3. Philippines
4. Brazil
5. Ukraine
6. Kenya
7. Sudan
8. Venezuela
9. Denmark
10. South Korea
11. Italy
12. Spain

Since all the web servers are added to an Amazon Elastic Load Balancer, we do not have much control over web traffic because the ELB is servicing it. So iptables rules and the apf and bfd firewalls will not help, as we cannot identify the user's static IP at the network level on a load balancer node in order to block it. But we can see the users' public IPs in Apache by adding “%{X-Forwarded-For}i” to the log format.

So we cannot block any web traffic based on the user's IP or network, due to the limitations of the NAT'd environment.
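
An added example, not part of the original post: once Apache logs the X-Forwarded-For value, this Python script ranks source /24 networks by request count so the busiest ones can be reviewed as blocking candidates. It reads the last X-Forwarded-For entry, which is the one the ELB appends; the log format, function names and sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re
from collections import Counter

# Assumed LogFormat (not from the original post):
#   LogFormat "%h \"%{X-Forwarded-For}i\" %l %u %t \"%r\" %>s %b" elb
LINE_RE = re.compile(r'^(?P<peer>\S+) "(?P<xff>[^"]*)" ')

# Constructed sample lines; addresses come from documentation ranges.
SAMPLE_LOG = '''\
10.0.1.15 "203.0.113.7" - - [01/Jul/2015:10:00:01 +0000] "GET / HTTP/1.1" 200 512
10.0.1.15 "203.0.113.99" - - [01/Jul/2015:10:00:02 +0000] "GET /a HTTP/1.1" 200 512
10.0.1.16 "192.0.2.1, 203.0.113.20" - - [01/Jul/2015:10:00:03 +0000] "POST /c HTTP/1.1" 200 90
10.0.1.16 "198.51.100.4" - - [01/Jul/2015:10:00:04 +0000] "GET / HTTP/1.1" 200 512
10.0.1.15 "-" - - [01/Jul/2015:10:00:05 +0000] "GET /health HTTP/1.1" 200 2
10.0.1.15 "not-an-ip, 198.51.100.200" - - [01/Jul/2015:10:00:06 +0000] "GET / HTTP/1.1" 200 512
'''

def client_ip(xff):
    """Return the last X-Forwarded-For entry (appended by the ELB), or None."""
    last = xff.split(",")[-1].strip()
    try:
        return ipaddress.ip_address(last)
    except ValueError:
        return None  # "-" (header absent) or unparsable text

def top_networks(log_text, prefix=24, limit=20):
    """Count requests per IPv4 source network, busiest first."""
    counts = Counter()
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        ip = client_ip(m.group("xff")) if m else None
        if ip is None or ip.version != 4:
            continue  # skip unparsable lines and non-IPv4 entries
        net = ipaddress.ip_network(f"{ip}/{prefix}", strict=False)
        counts[str(net)] += 1
    return counts.most_common(limit)

if __name__ == "__main__":
    for net, hits in top_networks(SAMPLE_LOG):
        print(f"{hits:6d}  {net}")
```

Earlier entries in the header are sent by the client and are ignored here, so only the address the load balancer itself observed is counted.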

How to block IP/Network in Amazon Cloud

1. You will not see any block rule options in the “Security Group” area, as AWS blocks all access by default. If you want to block an IP or network, it can only be accomplished by modifying the network ACL in the VPC area. By default AWS supports only 20 network ACL rules, and they will open another 20 on a further support request. We can add only 20 rules per request, limited to 200 network ACLs in a VPC. So setting up an ACL is a good option if you want to block a network immediately and permanently. Remember that the number of rules is limited.

2. I found that GeoIP with an Apache block is the best solution to reduce the spam/bot/crawler traffic to our platform. Please note that the GeoIP database has 96% accuracy and may sometimes block genuine users.

How do I install GeoIP?

a. Install GeoIP packages
If you are using Amazon Linux, execute the command below:

~]# yum install mod_geoip GeoIP GeoIP-devel GeoIP-data zlib-devel

b. Enable the GeoIP extension in the Apache web server.

Edit the file “/etc/httpd/conf/httpd.conf” and append the following lines:


GeoIPEnable On
GeoIPScanProxyHeaders On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat

c. Restart the web server.

[root@web03 ~]# service httpd restart
Stopping httpd:                                            [  OK  ]
Starting httpd:                                            [  OK  ]
[root@web03 ~]#

d. Configure your .htaccess file to manage the access.

In my scenario, I need to blacklist certain countries that are accessing my sites, because our platform users are only from the US. I use Google Analytics reports to find the regions to be blocked.

# mod_geoip sets GEOIP_COUNTRY_CODE to the ISO 3166 two-letter country code.
# Each matching line flags the request with the BlockCountry variable.
SetEnvIf GEOIP_COUNTRY_CODE RU BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE IL BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE PH BlockCountry
# One customer from Rome/Italy asked to be unblocked
# (IL is the code for Israel; Italy is IT, which is still set below)
#SetEnvIf GEOIP_COUNTRY_CODE IL BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE BR BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE UA BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE KE BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE SD BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE VE BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE DK BlockCountry
# KP is the code for North Korea; South Korea is KR
SetEnvIf GEOIP_COUNTRY_CODE KP BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE IT BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE ES BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE CN BlockCountry
#SetEnvIf GEOIP_COUNTRY_CODE IN BlockCountry
# Refuse every request that was flagged above
Deny from env=BlockCountry

Note: I use “IN” to test whether the blocking is working. Now we are able to block country-level access easily. Country codes can be found here: http://dev.maxmind.com/geoip/legacy/codes/iso3166/

Here is the post I put up on the AWS support forum. But nothing there is going to help me.

https://forums.aws.amazon.com/message.jspa?messageID=593865#593865

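Here is a sample PHP script to verify GeoIP accuracy:

<html>
<head>
<title>What is my IP address and Country</title>
</head>
<body>
<?php
    // Behind the load balancer, REMOTE_ADDR is the ELB node and the
    // visitor's address arrives in the X-Forwarded-For header.
    $ipaddress  = (string) getenv('REMOTE_ADDR');
    $pipaddress = (string) getenv('HTTP_X_FORWARDED_FOR');

    if ($pipaddress !== '') {
        // The header is client-supplied text, so escape it before output.
        echo "Your Proxy IP address is : " . htmlspecialchars($pipaddress)
           . " (via " . htmlspecialchars($ipaddress) . ") ";
    } else {
        echo "My IP address is : " . htmlspecialchars($ipaddress);
    }

    // Set by mod_geoip for the address it looked up.
    $country = (string) getenv('GEOIP_COUNTRY_NAME');
    echo "<br />My Country : " . htmlspecialchars($country);
?>
</body>
</html>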

Taken from tecmint
