Question
How to change 'IP to Country Lite database' to MaxMind as a source for blocking countries in Plesk Firewall
Answer
To switch to a MaxMind data source or change its license key apply the following steps:
1. Connect to the server via SSH
2. Open /usr/local/psa/admin/conf/panel.ini with any suitable text editor, 'vi' for example:
# vi /usr/local/psa/admin/conf/panel.ini
Add the following lines and save the file:
CONFIG_TEXT: [ext-firewall]
geoipDataSource = maxmind-lite
3. In shell execute once
# LICENSE_KEY="your_license_key_here" plesk sbin modules/firewall/ipsets --configure --data-source maxmind-lite --force
Note: Replace "your_license_key_here" with actual MaxMind license key.
Note: the command might emit warnings like below, they can be ignored as long as the return code is 0:
CONFIG_TEXT: ipset v7.11: Set cannot be destroyed: it is in use by a kernel component
4. Then use the Plesk Firewall (UI or CLI) to re-apply the configuration.
The instruction above will use the free GeoLite2 DB. If you have access to the more precise paid GeoIP2 DB and want to use it instead, change maxmind-lite to maxmind in the steps above.
To change back to DB-IP (db-ip-lite data source), simply remove geoipDataSource line from the panel.ini and (re-)apply the Plesk Firewall configuration.
Comments
1 comment
Would be great if we could use our own up-to-date GeoIP.dat and GeoIPv6.dat files. Just like we do with ModSecurity.
Please sign in to leave a comment.