Using IP2Proxy Proxy detection to block VPN users in Apache

Using IP2Proxy to block VPN users in Apache

Intro

Apache is a popular open-source web server being used on both the Linux and Windows environments. In this article, we will demonstrate how to block access to the Apache website when the visitor is using a VPN via the IP2Proxy Apache module for the Debian Linux environment.

Pre-requisites

We will assume that you have a functioning Apache 2.4 web server. We will not cover the installation of Apache 2.4 as there are many guides on the web for that. You will need to install the apache2-dev and git packages if they are not installed.

sudo apt-get install apache2-dev
sudo apt-get install git

The last pre-requisite is the IP2Proxy BIN database file which you can get from:

https://www.ip2location.com/database/ip2proxy (commercial)

or

https://lite.ip2location.com/ip2proxy-lite (free LITE version, less accurate)

Download and decompress the BIN file into a folder called ip2proxy-dev.

IP2Location LITE database

Installation

First of all, we need to get the IP2Proxy C library from GitHub. Navigate to the ip2proxy-dev folder then run the below command to clone the project folder to the local folder.

git clone https://github.com/ip2location/ip2proxy-c.git

Next, navigate to the ip2proxy-c sub-folder and run the following commands to compile the IP2Proxy C library.

sudo autoreconf -i -v --force
sudo ./configure
sudo make
sudo make install
sudo ldconfig

Now, navigate up to the ip2proxy-dev folder level. We will now clone the IP2Proxy Apache module from GitHub.

git clone https://github.com/ip2location/ip2proxy-apache

Next, navigate to the ip2proxy-apache sub-folder then compile both the IP2Proxy C library and the IP2Proxy Apache module.

sudo apxs2 -i -a -L /usr/local/lib/ -I ../ip2proxy-c/libIP2Proxy/ -l IP2Proxy -c mod_ip2proxy.c

Configuration

Add following lines into the /etc/apache2/apache2.conf file. Modify the IP2ProxyDBFile parameter for your own folder and BIN filename.

<IfModule mod_ip2proxy.c>
IP2ProxyEnable On
IP2ProxySetmode ENV
IP2ProxyDBFile "/home/admin/ip2proxy-dev/IP2PROXY-IP-PROXYTYPE-COUNTRY-REGION-CITY-ISP-DOMAIN-USAGETYPE-ASN-LASTSEEN-THREAT-RESIDENTIAL.BIN"
IP2ProxyDetectProxy Off
</IfModule>

Turning on the rewrite module

The blocking is performed by the Apache rewrite module so if you haven’t enabled it, you can do so using the command below.

sudo a2enmod rewrite

Restart Apache for the above settings to take effect

Run the following command to restart.

sudo systemctl restart apache2

Testing blocking

In your website .htaccess file, paste something like the following:

RewriteEngine On
RewriteCond %{ENV:IP2PROXY_PROXY_TYPE} ^(VPN|WEB)$
RewriteRule ^(.*)$ - [F]

The example above is checking for 2 types of proxies. First is the Virtual Private Network (VPN) proxy and the second is the web-based (WEB) proxy. You can modify this part to include other types of proxies such as Tor (TOR) or residential proxies (RES).

Was this article helpful?

Related Articles