Resolved Block specific countries through Plesk

[othmaqsa]

Server operating system version

Ubuntu 20.04.6 LTS

Plesk version and microupdate number

Version 18.0.51

Hello,

I want to block few countries through Plesk via ModSec. I have read the documentation in this url: https://support.plesk.com/hc/en-us/articles/12377285410839

If I apply the Workaround 2, the Website hosted in the server will be unavailable in the blocked countries, right ?

Thank you.

 

[Peter Debik]

If I apply the Workaround 2, the Website hosted in the server will be unavailable in the blocked countries, right ?

Yes. And websites only, not email.

 

[othmaqsa]

Yes. And websites only, not email.

Got it. Thank you.

By the way, Geo2ip lite database work with the web server Apache and Nginx, no difference, right ?

 

[Peter Debik]

The database is only a collection of IP addresses and their association with a country code. This is an independent database. The data from the database is applied to a ModSecurity rule. Where the rule applies depends on the ModSecurity version you are using. When you want ModSecurity to work with Nginx, you will need version 3.0, for Apache you need to select version 2.9. This does not depend on the geoip database.

 

[othmaqsa]

The database is only a collection of IP addresses and their association with a country code. This is an independent database. The data from the database is applied to a ModSecurity rule. Where the rule applies depends on the ModSecurity version you are using. When you want ModSecurity to work with Nginx, you will need version 3.0, for Apache you need to select version 2.9. This does not depend on the geoip database.

Got it.

I use already ModSec 3.0 + Nginx + OWASP.

I'll try this night to install Geo2ip lite database and configure it with ModSec.

Thanks.

 

[othmaqsa]

Hello @Peter Debik ,

When I try to save the custom directives in ModSec, this error occur:

Invalid ModSecurity configuration: nginx: [emerg] "modsecurity_rules_file" directive Rules error. File: /etc/nginx/modsecurity.d/main.conf. Line: 6. Column: 44. Expecting an action, got: Include /etc/nginx/modsecurity.d/rules.conf in /etc/nginx/conf.d/modsecurity.conf:6 nginx: configuration file /etc/nginx/nginx.conf test failed

Any idea please ?

 

[Peter Debik]

Well, you'll need to check what is in line 6, column 44 or right before or right behind that.

 

[othmaqsa]

@Peter Debik , I have checked this file /etc/nginx/modsecurity.d/main.conf but I see nothing in Line 6

 

[othmaqsa]

@Peter Debik , I have tried again, I can't save this Custom directives in ModSecurity.

I use Nginx + ModSec 3.0 + OWASP . Maybe this Workaround II work only for Apache ?

 

[Peter Debik]

For the files I think the include is seen expanded, so you'd need to investigate further down in the included files. Regarding Nginx ModSecurity 3.0: This can be considered experimental. I am not sure if it indeed works with the rules. I think it should, but have not tested it.

Plesk is in the process or creating a general geo IP blocking feature, so maybe, if you want to save some time and it is not too urgent for you, it will be an option to just wait on that feature to be released. It is planned for 2023 and it is already being worked on.

 

[othmaqsa]

For the files I think the include is seen expanded, so you'd need to investigate further down in the included files. Regarding Nginx ModSecurity 3.0: This can be considered experimental. I am not sure if it indeed works with the rules. I think it should, but have not tested it.

Plesk is in the process or creating a general geo IP blocking feature, so maybe, if you want to save some time and it is not too urgent for you, it will be an option to just wait on that feature to be released. It is planned for 2023 and it is already being worked on.

Okay, I'll wait so.

Do I need to uninstall Geo2ip lite database PACKAGE or I can keep it ?

 

[Peter Debik]

That's merely unpacked files, not a system service. So it should not matter whether they are there or not unless they are addressed by any software. If there is no software that uses them, they can be removed.

 

[othmaqsa]

@Peter Debik
I found this in the documentation (another way)

https://docs.plesk.com/en-US/obsidi...nt/plesk-for-linux-setting-up-ip-geolocation- for-a-website.80011/

Have you already tried it?

 

[othmaqsa]

Link: (Plesk for Linux) Setting up IP Geolocation for a Website

 

[othmaqsa]

For the files I think the include is seen expanded, so you'd need to investigate further down in the included files. Regarding Nginx ModSecurity 3.0: This can be considered experimental. I am not sure if it indeed works with the rules. I think it should, but have not tested it.

Plesk is in the process or creating a general geo IP blocking feature, so maybe, if you want to save some time and it is not too urgent for you, it will be an option to just wait on that feature to be released. It is planned for 2023 and it is already being worked on.

Hello @Peter Debik ,

Sincerely, it's urgent now. I receive a lot of fake comments each day from a lot of IPs based in Russia/ China.

If I solve this, no bad bots from Russia and China can access to my site.

Can you confirm in the last post that the documentation apply for Plesk Obsidian ?

 

[Peter Debik]

Yes, it applies to Plesk Obsidian.

 

[othmaqsa]

Yes, it applies to Plesk Obsidian.

Got it.

I have successfully configured this in my server. All work as expected.

If I want to combine multiple ISO CODE (Countries) in 1 function, is it possible ? I have tried with , and space, but it doesn't work.

if ($geoip2_data_country_code = "XX") {
        return 403;
}

 

[othmaqsa]

Apparently, i must run a weekly update for geoipupdate, so I need to create a cron tab.

This cron tab below is correct ?

# top of crontab

[email protected]

0 12 * * 3 geoipupdate

# end of crontab

 

[Peter Debik]

If I want to combine multiple ISO CODE (Countries) in 1 function, is it possible ? I have tried with , and space, but it doesn't work.

Nginx does not support logical "or". Your best bet is to let the first if-section follow by another for the other country code. But: Nginx has issues with "if" in general, so it could lead to crashes. If is Evil… when used in location context | NGINX

I think the cron entry is correct, but maybe you need to add the full path to geoipupdate.

 

[othmaqsa]

I think the cron entry is correct, but maybe you need to add the full path to geoipupdate.

It's correct now, right ?
# top of crontab
MAILTO=[email protected]
0 12 * * 3 /usr/local/bin/geoipupdate
# end of crontab