6
General Software Discussion / Which Of These Security Methods Should I Try ? Mod Security Or GeoIP Apache Way
« on: April 19, 2019, 10:37 AM »
Technical Gurus,
I need your brilliant experienced opinion.
You see, it's practically impossible to make my website abide by the new EU GDPR without annoying my websites visitors. Hence, have decided to block all EU visitors altogether. I asked my webhost regarding this issue and they pointed me to these links:
Mod Security:
https://forums.cpanel.net/threads/blocking-visitors-from-certain-countries.574681/
GeoIP:
https://grepitout.com/install-mod_geoip-cpanel-easyapache-4/ and https://www.tecmint.com/install-mod_geoip-for-apache-in-centos/
They suggested I take the "GeoIP apache module way".
Now, I'm not too technical. New in all this. I tried installing both the Mod Security and the GeoIP Apache Module but failed (even after following the steps in the articles) as I don't have much experience with Unix/Linux. Therefore, searched for someone to take care of it. Told him to install both Mod Security and GeoIP Apache Module but to do it without touching the .htaccess because the following article says it will go to thousands of lines of code if I do it using .htaccess.
https://www.sitepoint.com/how-to-block-entire-countries-from-accessing-website/
The technician had a look at the links I gave and said he will install the GeoIP module but not by following the steps mentioned in the following article and he has to do it using .htaccess.
https://www.tecmint.com/install-mod_geoip-for-apache-in-centos/
Says there would only be 28 lines of code to block 28 EU countries.
Also says, if he follows the steps mentioned on the above link (tecmint article) then things will get messed-up. His exact words are:
"You can't directly edit apache configuration as techmin article suggest, because you are running cPanel. settings must be "friendly" with cpanel, or they'll get lost and make mess.".
He says he will do it following the steps mentioned here:
https://www.paunovic.win/2018/06/15/instalacija-mod_geoip-modula-na-cpanel-whm-serveru
He says that is the proper way to do it on cPanel Server.
I asked my webhost about this and they have gone silent. Hence, approaching you folks for your expert opinions.
I have Vps with Root Access: SSH, Panel. I got CentOS OS, Whm and cPanel ($15 version).
I got my webhost to build 8 cPanel accounts for my 8 domains. 1 cPanel account per domain. I think they built them via Whm. (Still learning about Whm).
I told the technician, I want him to set things up on my Whm so any domains & cPanel accounts I add in the future (1 new cPanel account for 1 new domain) to my Vps should also block EU visitors. He said aslong as I have Root Access he will set things up following the steps in that article:
https://www.paunovic.win/2018/06/15/instalacija-mod_geoip-modula-na-cpanel-whm-serveru
You have now heard about my hardwares & softwares and what I need done. Block all EU visitors from my current 8 websites and from all future websites/domains hosted on this Vps. My questions are:
Q1. Must the GeoIP and the Mod Security be installed on my Whm for them to work on all my current and future websites/domains/cPanels hosted on this vps under this Whm ?
Q2. Which option is best for me ? Mod Security or GeoIP ? If I install both then that would not be a problem. Am I right ?
Q3. Is the technician correct when he says "You can't directly edit apache configuration as techmin article suggest, because you are running cPanel. settings must be "friendly" with cpanel, or they'll get lost and make mess."
He says the steps in following article is bad:
https://www.tecmint.com/install-mod_geoip-for-apache-in-centos
Is he correct ?
He further says: "I'll compile GeoIP module and GeoIP database on your server Apache and then you can easily block countries, and do not have to block IPs.". Is it better to do it this way over the techmint article way ?
Should I opt for his method instead (do things the .htaccess way) and
should I ignore the warning on the Site Point Forum article to not to things the .htaccess way ?
I am puzzled, confused and need your expert opinions and advice as I know you won't be giving biased advices.
Thank you for your interest in helping me out.
Whatever method you recommend, make sure it will be easy for me to easily add more countries in the banning list without needing to fiddle with messy code.
I need your brilliant experienced opinion.
You see, it's practically impossible to make my website abide by the new EU GDPR without annoying my websites visitors. Hence, have decided to block all EU visitors altogether. I asked my webhost regarding this issue and they pointed me to these links:
Mod Security:
https://forums.cpanel.net/threads/blocking-visitors-from-certain-countries.574681/
GeoIP:
https://grepitout.com/install-mod_geoip-cpanel-easyapache-4/ and https://www.tecmint.com/install-mod_geoip-for-apache-in-centos/
They suggested I take the "GeoIP apache module way".
Now, I'm not too technical. New in all this. I tried installing both the Mod Security and the GeoIP Apache Module but failed (even after following the steps in the articles) as I don't have much experience with Unix/Linux. Therefore, searched for someone to take care of it. Told him to install both Mod Security and GeoIP Apache Module but to do it without touching the .htaccess because the following article says it will go to thousands of lines of code if I do it using .htaccess.
https://www.sitepoint.com/how-to-block-entire-countries-from-accessing-website/
The technician had a look at the links I gave and said he will install the GeoIP module but not by following the steps mentioned in the following article and he has to do it using .htaccess.
https://www.tecmint.com/install-mod_geoip-for-apache-in-centos/
Says there would only be 28 lines of code to block 28 EU countries.
Also says, if he follows the steps mentioned on the above link (tecmint article) then things will get messed-up. His exact words are:
"You can't directly edit apache configuration as techmin article suggest, because you are running cPanel. settings must be "friendly" with cpanel, or they'll get lost and make mess.".
He says he will do it following the steps mentioned here:
https://www.paunovic.win/2018/06/15/instalacija-mod_geoip-modula-na-cpanel-whm-serveru
He says that is the proper way to do it on cPanel Server.
I asked my webhost about this and they have gone silent. Hence, approaching you folks for your expert opinions.
I have Vps with Root Access: SSH, Panel. I got CentOS OS, Whm and cPanel ($15 version).
I got my webhost to build 8 cPanel accounts for my 8 domains. 1 cPanel account per domain. I think they built them via Whm. (Still learning about Whm).
I told the technician, I want him to set things up on my Whm so any domains & cPanel accounts I add in the future (1 new cPanel account for 1 new domain) to my Vps should also block EU visitors. He said aslong as I have Root Access he will set things up following the steps in that article:
https://www.paunovic.win/2018/06/15/instalacija-mod_geoip-modula-na-cpanel-whm-serveru
You have now heard about my hardwares & softwares and what I need done. Block all EU visitors from my current 8 websites and from all future websites/domains hosted on this Vps. My questions are:
Q1. Must the GeoIP and the Mod Security be installed on my Whm for them to work on all my current and future websites/domains/cPanels hosted on this vps under this Whm ?
Q2. Which option is best for me ? Mod Security or GeoIP ? If I install both then that would not be a problem. Am I right ?
Q3. Is the technician correct when he says "You can't directly edit apache configuration as techmin article suggest, because you are running cPanel. settings must be "friendly" with cpanel, or they'll get lost and make mess."
He says the steps in following article is bad:
https://www.tecmint.com/install-mod_geoip-for-apache-in-centos
Is he correct ?
He further says: "I'll compile GeoIP module and GeoIP database on your server Apache and then you can easily block countries, and do not have to block IPs.". Is it better to do it this way over the techmint article way ?
Should I opt for his method instead (do things the .htaccess way) and
should I ignore the warning on the Site Point Forum article to not to things the .htaccess way ?
I am puzzled, confused and need your expert opinions and advice as I know you won't be giving biased advices.
Thank you for your interest in helping me out.
Whatever method you recommend, make sure it will be easy for me to easily add more countries in the banning list without needing to fiddle with messy code.