Intro
Apache is a popular open-source web server being used on both the Linux and Windows environments. In this article, we will demonstrate how to block access to the Apache website when the visitor is using a VPN via the IP2Proxy Apache module for the Debian Linux environment.
Pre-requisites
We will assume that you have a functioning Apache 2.4 web server. We will not cover the installation of Apache 2.4 as there are many guides on the web for that. You will need to install the apache2-dev and git packages if they are not installed.
sudo apt-get install apache2-dev sudo apt-get install git
The last pre-requisite is the IP2Proxy BIN database file which you can get from:
https://www.ip2location.com/database/ip2proxy (commercial)
or
https://lite.ip2location.com/ip2proxy-lite (free LITE version, less accurate)
Download and decompress the BIN file into a folder called ip2proxy-dev.
Installation
First of all, we need to get the IP2Proxy C library from GitHub. Navigate to the ip2proxy-dev folder then run the below command to clone the project folder to the local folder.
git clone https://github.com/ip2location/ip2proxy-c.git
Next, navigate to the ip2proxy-c sub-folder and run the following commands to compile the IP2Proxy C library.
sudo autoreconf -i -v --force sudo ./configure sudo make sudo make install sudo ldconfig
Now, navigate up to the ip2proxy-dev folder level. We will now clone the IP2Proxy Apache module from GitHub.
git clone https://github.com/ip2location/ip2proxy-apache
Next, navigate to the ip2proxy-apache sub-folder then compile both the IP2Proxy C library and the IP2Proxy Apache module.
sudo apxs2 -i -a -L /usr/local/lib/ -I ../ip2proxy-c/libIP2Proxy/ -l IP2Proxy -c mod_ip2proxy.c
Configuration
Add following lines into the /etc/apache2/apache2.conf file. Modify the IP2ProxyDBFile parameter for your own folder and BIN filename.
<IfModule mod_ip2proxy.c> IP2ProxyEnable On IP2ProxySetmode ENV IP2ProxyDBFile "/home/admin/ip2proxy-dev/IP2PROXY-IP-PROXYTYPE-COUNTRY-REGION-CITY-ISP-DOMAIN-USAGETYPE-ASN-LASTSEEN-THREAT-RESIDENTIAL.BIN" IP2ProxyDetectProxy Off </IfModule>
Turning on the rewrite module
The blocking is performed by the Apache rewrite module so if you haven’t enabled it, you can do so using the command below.
sudo a2enmod rewrite
Restart Apache for the above settings to take effect
Run the following command to restart.
sudo systemctl restart apache2
Testing blocking
In your website .htaccess file, paste something like the following:
RewriteEngine On RewriteCond %{ENV:IP2PROXY_PROXY_TYPE} ^(VPN|WEB)$ RewriteRule ^(.*)$ - [F]
The example above is checking for 2 types of proxies. First is the Virtual Private Network (VPN) proxy and the second is the web-based (WEB) proxy. You can modify this part to include other types of proxies such as Tor (TOR) or residential proxies (RES).