Since version 4.5.8 Roxy-WI allows to download and update GeoLite2 via the web panel.
GeoIP, MaxMind’s IP intelligence product, consists of several related products. GeoIP lets you discover information about a specific IP address. Maxmind provides web services, subscription-based downloadable databases, and free downloadable databases.
DatabasesGeoLite2 databases are free IP geolocation databases comparable to, but less accurate than, MaxMind’s GeoIP2 databases. The GeoLite2 Country, City, and ASN databases are updated weekly, every Tuesday.
IP Geolocation UsageIP geolocation is inherently imprecise. Locations are often near centers of the population. Any location provided by a GeoIP database should not be used to identify a particular address or household.
Use the Accuracy Radius as an indication of geolocation accuracy for the latitude and longitude coordinates Maxmind returns for an IP address. The actual location of the IP address is likely within the area defined by this radius and the latitude and longitude coordinates.
MaxMind provides access to GeoLite2 databases only for registered users. So, you need to get a license key. All the details are described in the instruction below.
First of all create an account here:
when you have created your account, you will receive an email with further instructions:
Follow the link to create a password:
After finishing the registration you will be granted acess to your private cabinet:
To download the database you need to get a license key. Go to "My Licence Key" section: Follow the link to create a password:
The license key will be displayed on the screen. Copy and save it as it will not be shown anymore:
Specify your key as the value of the maxmind_key parameter in your group settings:
Roxy-WI allows to use GeoLite2 via the web interface. Create a license key to start using it.
After you have created the Licence key and added it into the group settings you can start using GeoLite2 Database:
Select a server for uploading, Roxy-WI will define if GeoLite2 is already installed on it(in the black box), and press the "Install" button(in the green box).
Roxy-WI will download and format it from GeoIP to acceptable format for HAProxy service. Also Roxy-WI will separate divide a big file with IPs into many smaller files (each file for one country) e.g.: file AD.subnets consists of all IPs which used in Andorra.
UpdatingMaxMind updates GeoLite2 databases every Tuesday, so it should be updated every week. Roxy-WI can do it! Just check "Updating" checkbox.
How files with IPs for each continent can be used for creating ACLs:
acl acl_AF src -f /etc/haproxy/geoip/AF.txt acl acl_AN src -f /etc/haproxy/geoip/AN.txt acl acl_AS src -f /etc/haproxy/geoip/AS.txt acl acl_EU src -f /etc/haproxy/geoip/EU.txt acl acl_NA src -f /etc/haproxy/geoip/NA.txt acl acl_OC src -f /etc/haproxy/geoip/OC.txt acl acl_SA src -f /etc/haproxy/geoip/SA.txt
You may reject all connections from a certain continent (for Africa, for instance):
http-request deny if !acl_AF
or address them to different backend servers:
use_backend bk_af if acl_AN