The next steps are for home use, and we will not be using them in class. Save the code and ideas and use them later.

Requirements

I hope that you read the topic and will not use this in class.

Get the Finnish IP address blocks from ipdeny.com

Bash
curl -s "https://www.ipdeny.com/ipblocks/data/countries/fi.zone" > finland_ips.txt

Create UFW rules for Finland (server-level hardening; this will not work with Docker because of the way Docker handles iptables/nftables rules)

Bash
# Allow HTTPS (port 443) from each Finnish block, one rule per line of the file
while read -r ip; do
  sudo ufw allow from "$ip" to any port 443
done < finland_ips.txt
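
The loop above hands every line of the downloaded file to ufw as root, so a failed or altered download ends up in the firewall rules. The following added example (not from the original page) checks each line as an IPv4 CIDR block and prints the ufw commands instead of running them. The function names and the sample input are constructed for illustration, and the script assumes the file holds one IPv4 block per line.

```sh
#!/bin/sh
# Added example: check a downloaded zone file before its lines reach ufw.

# Succeed only for a well-formed IPv4 CIDR block such as 192.0.2.0/24.
# The body is a subshell, so IFS and the variables stay local to it.
is_ipv4_cidr() (
    case $1 in *[!0-9./]*) exit 1 ;; esac      # digits, dots and slash only
    addr=${1%/*} prefix=${1#*/}
    case $prefix in [0-9]|[0-9][0-9]) ;; *) exit 1 ;; esac
    [ "$prefix" -le 32 ] || exit 1
    case $addr in *.) exit 1 ;; esac           # the split below drops a trailing dot
    IFS=.
    set -- $addr                               # split the address into octets
    [ $# -eq 4 ] || exit 1
    for octet in "$@"; do
        case $octet in [0-9]|[0-9][0-9]|[0-9][0-9][0-9]) ;; *) exit 1 ;; esac
        [ "$octet" -le 255 ] || exit 1
    done
)

# Print one ufw command per valid block in file $1 (port $2, default 443).
# Invalid lines go to stderr and make the exit status non-zero.
# Nothing is executed here: the output is a dry run to review first.
zone_to_ufw_rules() (
    [ -r "$1" ] || exit 2                      # missing or unreadable file
    port=${2:-443} bad=0
    while IFS= read -r line || [ -n "$line" ]; do
        [ -n "$line" ] || continue
        if is_ipv4_cidr "$line"; then
            printf 'ufw allow from %s to any port %s\n' "$line" "$port"
        else
            printf 'rejected: %s\n' "$line" >&2
            bad=$((bad + 1))
        fi
    done < "$1"
    [ "$bad" -eq 0 ]
)

# Constructed sample input: documentation ranges plus lines that a failed
# or tampered download could contain. These are not real Finnish blocks.
sample_zone() {
    printf '%s\n' '192.0.2.0/24' '198.51.100.0/25' '<html>404</html>' \
        '203.0.113.0/33' '256.1.1.0/24' '10.0.0.0/8; reboot'
}

tmp=$(mktemp) && sample_zone > "$tmp"
zone_to_ufw_rules "$tmp" 443 || echo "invalid lines found, do not apply" >&2
rm -f "$tmp"
```

A non-zero exit status means the download should be discarded and fetched again rather than applied in part.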

Install the GeoIP2 module for Nginx

Install the GeoIP2 module and the GeoIP database updater:

Bash
sudo apt install nginx-module-geoip2 geoipupdate

Configuration in /etc/nginx/nginx.conf:

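Nginx
# If the package does not enable the module itself, load it at the top of nginx.conf:
# load_module modules/ngx_http_geoip2_module.so;

# Inside the http { } block: look up the client IP in the MaxMind database.
# $country holds the ISO country code, or ZZ when no country is found.
# Database path as in the Apache section of this page; use the directory
# that geoipupdate writes to on your system.
geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
    $country default=ZZ country iso_code;
}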

server {
    listen 80;
    server_name your-domain.fi;

    # Block if NOT Finland
    if ($country != "FI") {
        return 444;  # Close connection silently
    }

    location / {
        proxy_pass http://backend;
    }
}

Install GeoIP module for Apache2

Bash
sudo apt install libapache2-mod-maxminddb

In /etc/apache2/apache2.conf:

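Apache
<Directory /var/www/html>
    # mod_maxminddb: look up the client IP in the GeoLite2 country database
    MaxMindDBEnable On
    MaxMindDBFile COUNTRY_DB /usr/share/GeoIP/GeoLite2-Country.mmdb
    MaxMindDBEnv MM_COUNTRY_CODE COUNTRY_DB/country/iso_code
    SetEnvIf MM_COUNTRY_CODE ^FI$ AllowCountry
    # Only allow Finland and local IPs
    <RequireAny>
        Require env AllowCountry
        Require ip 127.0.0.1 192.168.0.0/24 10.0.0.0/24 172.16.0.0/24
    </RequireAny>
</Directory>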