Articles in this section

How to change 'IP to Country Lite database' to MaxMind as a source for blocking countries in Plesk Firewall

Vincent Lauton
Updated
DoNotDelete:docref kb: how-to Plesk for Linux

Applicable to:

  • Plesk for Linux

Question

How to change 'IP to Country Lite database' to MaxMind as a source for blocking countries in Plesk Firewall

Answer

Follow these steps to switch to MaxMind or change its license key.

  1. Connect to the server via SSH

  2. Edit /usr/local/psa/admin/conf/panel.ini

    # vi /usr/local/psa/admin/conf/panel.ini

  3. Add the following lines depending on the version to use and save the file:

    • GeoLite2 DB (free)

      [ext-firewall]
      geoipDataSource = maxmind-lite

    • GeoIP2 DB (paid)

      [ext-firewall]
      geoipDataSource = maxmind

  4. Run this command on the terminal once

    Note: Replace "<license_key>" with the MaxMind license key.

    # LICENSE_KEY="<license_key>" plesk sbin modules/firewall/ipsets --configure --data-source maxmind-lite --force

    This may result in warnings like the follwing. They can be ignored as long as their return code is 0:

    ipset v7.11: Set cannot be destroyed: it is in use by a kernel component

  5. Reapply the configuration using Plesk Firewall

To switch back to DB-IP (db-ip-lite data source), remove the geoipDataSource line from panel.ini and reapply the Plesk Firewall configuration.

PPP-60724

Was this article helpful?

Comments

3 comments
Date Votes
  • Avatar
    Michel vd Lingen

    Would be great if we could use our own up-to-date GeoIP.dat and GeoIPv6.dat files. Just like we do with ModSecurity.

    0
  • Avatar
    Anumon Mongkontanatus

    I tried everything as described, and we didn't find a solution in the Plesk Facebook Community either. Today I tried again on another server, Debian 11.9 Plesk version 18.0.60. I did the following via ssh:root@pfof1 ~ # nano /usr/local/psa/admin/conf/panel.ini
    root@pfof1 ~ # LICENSE_KEY=xxx plesk sbin modules/firewall/ipsets --configure --data-source maxmind-lite --force
    curl: (22) The requested URL returned error: 401
    Command '['/usr/local/psa/admin/sbin/modules/firewall/geoip/maxmind-lite', '--fetch']' returned non-zero exit status 22.
    exit status 1

    0
  • Avatar
    Armin Lütkenhaus

    Following the instructions, step 3 fails with lots of errors mesages like "GeoLite2-Country-Blocks-IPv6.csv:...: expected 6 columns but found 7 - extras ignored". (And similar messages for the IPv4 file.)

    Checking "/opt/psa/admin/sbin/modules/firewall/geoip/maxmind-lite", it appears that Maxmind has added an additional columns named "is_anycast", which is not expected in the script file and leads to the error.

    It seems the import error can be fixed by adding the additional column "is_anycast TEXT" in the "CREATE TABLE" statements for "blocks_ipv4" and "blocks_ipv6".

    0

Please sign in to leave a comment.