How to Install Mod_GeoIP for Apache in RHEL and CentOS

Mod_GeoIP is an Apache module that can be used to get the geographic location of the IP address of the visitor into the Apache webserver. This module allows you to determine the visitor’s country, organization, and location. It is especially useful for Geo Ad Serving, Target Content, Spam Fighting, Fraud Detection, Redirecting/Blocking visitors based on their country and much more.

GeoIP module allows system administrators to redirect or block web traffic according to the client’s geographical location. The geographical location is learned via the client IP address.

Mod_GeoIP has two different versions one is Free and another one is Paid and uses MaxMind GeoIP / GeoCity databases.

1. Free Version: In the Free version, the Geo City and Country databases are available with 99.5% accuracy.
2. Paid Version: In the Paid version, you will get both databases with 99.8% accuracy with some more advanced details about IP address.

If you like to check out the more differences between the Free and Paid version, please visit Maxmind.com.

This article explains how to set up and install the Mod_GeoIP module for Apache in RHEL and CentOS using the EPEL repository with YUM package manager utility.

We assume that you already have running RHEL and CentOS system with a working LAMP (Linux, Apache, MySQL, and PHP) setup. If not, then read our articles where we’ve shown the installation of both operating systems with LAMP.

Installation Of RHEL/CentOS

1. Installation of RHEL 7 and CentOS 7 Minimal.
2. Installation of RHEL 8 and CentOS 8 Minimal.

LAMP Setup on RHEL/CentOS

1. How to Install LAMP (Linux, Apache, MySQL, PHP) on RHEL and CentOS 7
2. How to Install Apache, MySQL/MariaDB, and PHP on RHEL and CentOS 8

Enable EPEL Repository in RHEL and CentOS

By default mod_Geoip is not available under RHEL / CentOS official repository, so we need to install and enable third party EPEL repository.

# yum install epel-release
# yum install https://dl.fedoraproject.org/pub/epel/epel-release-latest-8.noarch.rpm  [On RHEL 8]

Install Mod_GeoIP in RHEL and CentOS

Once you’ve EPEL repository enabled on your system, you can simply install mod_geoip by running following command with their dependency packages.

# yum install mod_geoip GeoIP GeoIP-devel GeoIP-data zlib-devel

Download latest Geo City and Country Database

It’s a good idea to download the latest Geo City and Country Database to stay updated.

# cd /usr/share/GeoIP/
# mv GeoIP.dat GeoIP.dat_org
# wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
# wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
# gunzip GeoLite2-Country.tar.gz
# gunzip GeoLite2-City.tar.gz

Enable Mod_GeoIP in Apache

After the module has been installed, open and edit the module’s main configuration file, with a command-line text editor such as vi, and activate the module server-wide, as illustrated in the below excerpt.

# vi /etc/httpd/conf.d/geoip.conf

Set the line GeoIPEnable from Off to On. Also, make sure you add the absolute path to the GeoIP database file.

<IfModule mod_geoip.c>
GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat MemoryCache
</IfModule>

Restart the Apache service to reflect changes.

# systemctl restart httpd
OR
# service httpd restart

However, it’s not recommended to turn on the GeoIP module server-wide. You should enable the GeoIP module only in <Location> or <Directory> blocks where you would actually perform the traffic redirection or block.

Testing Mod_GeoIP Module

To test the mod_geoip module is working correctly with Apache, we need to create a PHP file called testgeoip.php under Apache root directory (e.g. /var/www/html).

# vi /var/www/html/testgeoip.php

Insert the following piece of php code to it.

<html>
<head>
  <title>What is my IP address - determine or retrieve my IP address</title>
 </head>
<body>
 <?php
     if (getenv(HTTP_X_FORWARDED_FOR)) {
        $pipaddress = getenv(HTTP_X_FORWARDED_FOR);
        $ipaddress = getenv(REMOTE_ADDR);
        echo "Your Proxy IP address is : ".$pipaddress. " (via $ipaddress) " ;
    } else {
        $ipaddress = getenv(REMOTE_ADDR);
        echo "Your IP address is : $ipaddress";
    }
    $country = getenv(GEOIP_COUNTRY_NAME);
    $country_code = getenv(GEOIP_COUNTRY_CODE);
    echo "<br/>Your country : $country ( $country_code ) ";
?>
</body>
</html>

Now, try to call the file using a web browser (e.g. http://localhost/testgeoip.php). You will get your IP address and Country details.

Updating GeoIP Database

GeoIP database is updated beginning of every month. So, it is very important to keep the GeoIP database up-to-date. To download the latest version of the database use the following command.

# cd /usr/share/GeoIP/
# mv GeoIP.dat GeoIP.dat_org
# wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
# wget http://geolite.maxmind.com/download/geoip/database/GeoLite2-City.tar.gz
# gunzip GeoLite2-Country.tar.gz
# gunzip GeoLite2-City.tar.gz

Automatic GeoIP Database Update

We have written a small shell script that will automatically download the latest version of the GeoIP database every month. Just place any of the following script under /etc/cron.monthly.

Script 1

# Automatic GeoIP Database Update
#!/bin/sh
cd /usr/share/GeoIP
mv GeoIP.dat GeoIP.dat_org
wget -q http://geolite.maxmind.com/download/geoip/database/GeoLite2-Country.tar.gz
gzip -d -f GeoLite2-Country.tar.gz

Script 2

#!/bin/sh

GEOIP_MIRROR="http://geolite.maxmind.com/download/geoip/database"
GEOIPDIR=/usr/share/GeoIP
TMPDIR=

DATABASES="GeoLiteCity GeoLiteCountry/GeoIP asnum/GeoIPASNum GeoIPv6"

if [ -d "${GEOIPDIR}" ]; then
        cd $GEOIPDIR
        if [ -n "${DATABASES}" ]; then
                TMPDIR=$(mktemp -d geoipupdate.XXXXXXXXXX)

                echo "Updating GeoIP databases..."

                for db in $DATABASES; do
                        fname=$(basename $db)

                        wget --no-verbose -t 3 -T 60 "${GEOIP_MIRROR}/${db}.dat.gz" -O "${TMPDIR}/${fname}.dat.gz"
                        gunzip -fdc "${TMPDIR}/${fname}.dat.gz" > "${TMPDIR}/${fname}.dat"
                        mv "${TMPDIR}/${fname}.dat" "${GEOIPDIR}/${fname}.dat"
                        chmod 0644 "${GEOIPDIR}/${fname}.dat"
                done
                [ -d "${TMPDIR}" ] && rm -rf $TMPDIR
        fi
fi

Redirecting Users based on Country

The below example code will redirect users based on the country code that we set to AS (Asia). This way you can redirect any users based on their county code.

GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat

# Redirect one country
RewriteEngine on
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^AS$
RewriteRule ^(.*)$ https://www.tecmint.com$1 [R,L]

Blocking Users based on Country

This example will block users based on the country code that GeoIP sets. The below example will block users from AS (Asia) and US (United States) countries.

GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat

SetEnvIf GEOIP_COUNTRY_CODE AS BlockCountry
SetEnvIf GEOIP_COUNTRY_CODE US BlockCountry
# ... place more countries here

Deny from env=BlockCountry

Allowing Users based on Country

This below example will only allow users from below mentioned countries.

GeoIPEnable On
GeoIPDBFile /usr/share/GeoIP/GeoIP.dat

SetEnvIf GEOIP_COUNTRY_CODE AS AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry
# ... place more countries here

Deny from all
Allow from env=AllowCountry

For more information about mod_geoip and its usage can be found at http://www.maxmind.com/app/mod_geoip. If you’re having any trouble in setting up a mod_geoip module, please let us know via comments and please don’t forget to share it with your friends.