GeoIP Blocking

A Former User

@ronpfs i have squid but does it block geoips?

RonpfS

@antonio-briguglio said in GeoIP Blocking:

i have squid but does it block geoips?

I don't know, I don't use Squid.

Gertjan

@antonio-briguglio said in GeoIP Blocking:

so I want that when a customer for example visits a web page in Turkey that I have blocked that a web page is displayed where it warns that the site is blocked instead of the classic internet page not available

That's what called 'doing MITM'.
You can't (it's very hard).
See here for why not.

If the sites visited were 'http' only the redirection would be easy. https can't be redirected.

A Former User

@ronpfs Hi!
I set up geoips on PfblokerNg.
I tried to block a country of Africa Algeria, two countries of Europe, Germany and Sweden and one of Oceania, New Zealand, blocking the inbound and outbound connections. I type in a site from Algeria and it blocks it I type in a site from Germany and it blocks it and so far everything is ok.
But then when I go to type more sites of the countries that I have blocked here is the surprise the sites as if by magic are no longer blocked they are visible.
Why does this happen? is there a maximum number of consultation?
Then in some countries that I have set the block I have noticed for example that blocking four countries in Europe three out of four blocks one no.
Finally, in the log files trying to block, for example, Algeria in Africa, the site is blocked but the log file shows Europe and not Africa. Help

A Former User

@teamits so I want that when a customer for example visits a web page in Turkey that I have blocked that a web page is displayed where it warns that the site is blocked instead of the classic internet page not available

That's what called 'doing MITM'.
You can't (it's very hard).
See here for why not.

If the sites visited were 'http' only the redirection would be easy. https can't be redirected

RonpfS

@antonio-briguglio It is also possible to put domain like .ru in TLD Blacklist. But that's won't block a .net domain using RU ASN.

A Former User

@ronpfs but I don't understand why after for example 5 interregations sites no longer block them is it normal?

RonpfS

@antonio-briguglio GeoIP isn't always accurate. I block TOP Spammer from RU, RU_rep, CN and CN_rep, but sometimes the Alerts Tab will report another country. That is because the network is in two countries files.

Example for a block of 45.146.165.149 is reported as GB_v4 45.146.164.0/23.

grep "45\.146\.16" /usr/local/share/GeoIP/cc/*v4.txt
/usr/local/share/GeoIP/cc/DE_v4.txt:45.146.16.0/21
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.160.0/22
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.167.0/24
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.168.0/23
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.164.0/23
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.166.0/24
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.164.0/23
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.166.0/24
/usr/local/share/GeoIP/cc/Europe_v4.txt:45.146.16.0/21
/usr/local/share/GeoIP/cc/GB_v4.txt:45.146.164.0/23
/usr/local/share/GeoIP/cc/GB_v4.txt:45.146.166.0/24
/usr/local/share/GeoIP/cc/LT_v4.txt:45.146.160.0/22
/usr/local/share/GeoIP/cc/RU_rep_v4.txt:45.146.164.0/23
/usr/local/share/GeoIP/cc/RU_rep_v4.txt:45.146.166.0/24
/usr/local/share/GeoIP/cc/RU_v4.txt:45.146.167.0/24
/usr/local/share/GeoIP/cc/RU_v4.txt:45.146.168.0/23

RonpfS

@antonio-briguglio said in GeoIP Blocking:

@ronpfs but I don't understand why after for example 5 interregations sites no longer block them is it normal?

It shouldn't be normal. Investigate the pfblockerNG log files, firewall logs etc to debug what is happening.

SteveITS

The web site may have round robin or otherwise rotating DNS? For the OP, the Geo IP block is by IP address not web site name.

A Former User

@teamits hi i can't find the program for geoip automatic updates.
The latest version can be downloaded from GitHub called something like geoipupdate_4.0.0_windows_amd64 depending on the version and architecture.
But unfortunately this file is not there.
Can you give me the direct link so I download it on my pc?
Help

RonpfS

@antonio-briguglio You can do that from the Maxmind web site :

Screenshot_2021-02-06 Download GeoIP2 and GeoIP Legacy Databases MaxMind.png

A Former User

@ronpfs Hi!
explain to me how to update binary databases GeoIP2 and GeoIP Legacy.
I only have a pc with windows q0 home.
I honestly didn't understand anything if you can show me screenshots and explain me in a simple way. Help thanks

A Former User

@teamits Hi!
explain to me how to update binary databases GeoIP2 and GeoIP Legacy.
I only have a pc with windows 10 home.
I honestly didn't understand anything if you can show me screenshots and explain me in a simple way. Help thanks

SteveITS

It sounds like you're trying to run updates manually? Let pfBlocker do it.

and on the IP page:

A Former User

@teamits okkkkk :-)

A Former User

@ronpfs thank you :-)

A Former User

@gertjan ok thank you :-)