Open in app

Sign in

Write

Sign in

Using IP2Proxy to block VPN users in Apache

IP2Location
2 min readOct 14, 2020

--

Intro

Apache is a popular open-source web server being used on both the Linux and Windows environments. In this article, we will demonstrate how to block access to the Apache website when the visitor is using a VPN via the IP2Proxy Apache module for the Debian Linux environment.

Pre-requisites

We will assume that you have a functioning Apache 2.4 web server. We will not cover the installation of Apache 2.4 as there are many guides on the web for that. You will need to install the apache2-dev and git packages if they are not installed.

sudo apt-get install apache2-dev sudo apt-get install git

The last pre-requisite is the IP2Proxy BIN database file which you can get from:

https://www.ip2location.com/database/ip2proxy (commercial)

or

https://lite.ip2location.com/ip2proxy-lite (free LITE version, less accurate)

Download and decompress the BIN file into a folder called ip2proxy-dev.

Installation

First of all, we need to get the IP2Proxy C library from GitHub. Navigate to the ip2proxy-dev folder then run the below command to clone the project folder to the local folder.

git clone https://github.com/ip2location/ip2proxy-c.git

Next, navigate to the ip2proxy-c sub-folder and run the following commands to compile the IP2Proxy C library.

sudo autoreconf -i -v --force sudo ./configure sudo make sudo make install sudo ldconfig

Now, navigate up to the ip2proxy-dev folder level. We will now clone the IP2Proxy Apache module from GitHub.

git clone https://github.com/ip2location/ip2proxy-apache

Next, navigate to the ip2proxy-apache sub-folder then compile both the IP2Proxy C library and the IP2Proxy Apache module.

sudo apxs2 -i -a -L /usr/local/lib/ -I ../ip2proxy-c/libIP2Proxy/ -l IP2Proxy -c mod_ip2proxy.c

Configuration

Add following lines into the /etc/apache2/apache2.conf file. Modify the IP2ProxyDBFile parameter for your own folder and BIN filename.

<IfModule mod_ip2proxy.c> IP2ProxyEnable On IP2ProxySetmode ENV IP2ProxyDBFile "/home/admin/ip2proxy-dev/IP2PROXY-IP-PROXYTYPE-COUNTRY-REGION-CITY-ISP-DOMAIN-USAGETYPE-ASN-LASTSEEN-THREAT-RESIDENTIAL.BIN" IP2ProxyDetectProxy Off </IfModule>

Turning on the rewrite module

The blocking is performed by the Apache rewrite module so if you haven’t enabled it, you can do so using the command below.

sudo a2enmod rewrite

Restart Apache for the above settings to take effect

Run the following command to restart.

sudo systemctl restart apache2

Testing blocking

In your website .htaccess file, paste something like the following:

RewriteEngine On RewriteCond %{ENV:IP2PROXY_PROXY_TYPE} ^(VPN|WEB)$ RewriteRule ^(.*)$ - [F]

The example above is checking for 2 types of proxies. First is the Virtual Private Network (VPN) proxy and the second is the web-based (WEB) proxy. You can modify this part to include other types of proxies such as Tor (TOR) or residential proxies (RES).

Originally published at https://blog.ip2location.com on October 14, 2020.

VPN
Proxy
Apache
Internet Security
Networking Tips

--

--

IP2Location
IP2Location

Written by IP2Location

39 Followers
14 Following

IP2Location™ is a non-intrusive geo IP solution to help you to identify visitor’s geographical location using a proprietary IP address lookup database.

No responses yet

Help

Status

About

Careers

Press

Blog

Privacy

Terms

Text to speech

Teams