initial commit of file from CVS for smeserver-mod_maxminddb on Sat Sep 7 20:42:45 AEST 2024

2024-09-07 20:42:45 +10:00
parent 4d5856e4cc
commit 26d83ef9c2
12 changed files with 202 additions and 2 deletions
--- a/root/etc/e-smith/db/configuration/defaults/modMaxminddb/Path
+++ b/root/etc/e-smith/db/configuration/defaults/modMaxminddb/Path
@@ -0,0 +1 @@
+/usr/share/GeoIP
--- a/root/etc/e-smith/db/configuration/defaults/modMaxminddb/status
+++ b/root/etc/e-smith/db/configuration/defaults/modMaxminddb/status
@@ -0,0 +1 @@
+enabled
--- a/root/etc/e-smith/db/configuration/defaults/modMaxminddb/type
+++ b/root/etc/e-smith/db/configuration/defaults/modMaxminddb/type
@@ -0,0 +1 @@
+service
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/20LoadModule80mod_maxminddb
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/20LoadModule80mod_maxminddb
@@ -0,0 +1,32 @@
+{
+    # vim: ft=perl:
+    my $status = $modMaxminddb{status} || 'disabled';
+    my $path = $modMaxminddb{Path} || '/usr/share/GeoIP';
+    if ( $status eq "enabled" )
+    {
+        $OUT .= "LoadModule maxminddb_module   modules/mod_maxminddb.so\n";
+        $OUT .= "<IfModule mod_maxminddb.c>\n";
+        $OUT .= "    MaxMindDBEnable On\n";
+        $OUT .= "    MaxMindDBFile   COUNTRY_DB $path/GeoLite2-Country.mmdb\n";
+        $OUT .= "    MaxMindDBFile   CITY_DB $path/GeoLite2-City.mmdb\n";
+        $OUT .= "    MaxMindDBEnv    COUNTRY_CODE COUNTRY_DB/country/iso_code\n";
+        $OUT .= "    MaxMindDBEnv REGION_CODE  CITY_DB/subdivisions/0/iso_code\n";
+        $OUT .= "    MaxMindDBEnv MM_COUNTRY_CODE CITY_DB/country/iso_code\n";
+        $OUT .= "    MaxMindDBEnv MM_COUNTRY_NAME CITY_DB/country/names/en\n";
+        $OUT .= "    MaxMindDBEnv MM_CITY_NAME CITY_DB/city/names/en\n";
+        $OUT .= "    MaxMindDBEnv MM_LONGITUDE CITY_DB/location/longitude\n";
+        $OUT .= "    MaxMindDBEnv MM_LATITUDE CITY_DB/location/latitude\n";
+        $OUT .= "    MaxMindDBEnv MM_CONTINENT_CODE CITY_DB/continent/code\n";
+        $OUT .= "    MaxMindDBEnv MM_CONTINENT_NAME CITY_DB/continent/names/en\n";
+        $OUT .= "    MaxMindDBEnv MM_REGION_CODE  CITY_DB/subdivisions/0/iso_code\n";
+        $OUT .= "    MaxMindDBEnv MM_REGION_NAME CITY_DB/continent/names/en\n";
+        $OUT .= "    MaxMindDBEnv MM_POSTAL_CODE CITY_DB/postal/code\n";
+        $OUT .= "    MaxMindDBEnv MM_LOCATION_TIME_ZONE CITY_DB/location/time_zone\n";
+
+        $OUT .= "</Ifmodule>\n";
+    }
+    else
+    {
+	$OUT .= "# mod_maxminddb disabled\n";
+    }
+}
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/79externalSSLAccessStringGeoip
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/79externalSSLAccessStringGeoip
@@ -0,0 +1,17 @@
+
+{
+    #---------------------------------------------------------------------
+    # Grab ValidFromGeoIP access list property of httpd-admin
+    # SSL enabled virtual hosts should only allow access from IP's in
+    # this list, as well as local networks.
+    #---------------------------------------------------------------------
+    
+    $OUT = '# Mod_maxminddb variable definition';
+
+    my $validFromGeoIP = ${'httpd-admin'}{'ValidFromGeoIP'};
+    return "#disabled\n" unless (defined $validFromGeoIP && ($modMaxminddb{'status'}||'disabled') eq 'enabled' );
+    $validFromGeoIP =~ s/,/|/g;
+    $OUT .= "\nSetEnvIf MM_COUNTRY_CODE ^($validFromGeoIP) AllowCountries\n";
+    # prior apache 2.4  you could combine ip and env by doing  $externalSSLAccess .= ' env=AllowCountries';
+    # now you should add "Require env AllowCountries" in Files, Directory or Location section
+ }
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/98geoipallow
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/VirtualHosts/98geoipallow
@@ -0,0 +1,23 @@
+{
+  $OUT ="   # Mod_maxminddb\n";
+  return "   #disabled\n" unless ( ($modMaxminddb{'status'}||'disabled') eq 'enabled' ||  defined (${'httpd-admin'}{'ValidFromGeoIP'}) );
+  $haveSSL = (exists ${modSSL}{status} and ${modSSL}{status} eq "enabled") ?  'yes' : 'no';
+ if (($haveSSL eq 'yes') && ($port eq $httpsPort) ) {
+ $OUT .="   <Location /server-manager>
+        Require ip $localAccess $externalSSLAccess
+        Require env AllowCountries
+   </Location>\n" if (-d "/etc/e-smith/web/panels/manager/" && (${'httpd-admin'}{'GeoIPManager'} || 'enabled' ) eq 'enabled' );
+ $OUT .="   <Location /server-common>
+        Require ip $localAccess $externalSSLAccess
+        Require env AllowCountries
+   </Location>\n" if ( (${'httpd-admin'}{'GeoIPManager'} || 'enabled' ) eq 'enabled' || (${'httpd-admin'}{'GeoIPUser'} || 'enabled' ) eq 'enabled' || (${'httpd-admin'}{'GeoIPPassword'} || 'enabled' ) eq 'enabled') ;
+ $OUT .="   <Location /user-manager>
+        Require ip $localAccess $externalSSLAccess
+        Require env AllowCountries
+   </Location>\n" if (-d "/etc/e-smith/web/panels/user/" && (${'httpd-admin'}{'GeoIPUser'} || 'enabled' ) eq 'enabled' );
+ $OUT .="   <Location /user-password>
+        Require ip $localAccess $externalSSLAccess
+        Require env AllowCountries
+   </Location>\n" if (-d "/etc/e-smith/web/panels/password/" && (${'httpd-admin'}{'GeoIPPassword'} || 'enabled' ) eq 'enabled' );
+ }
+}