How to change 'IP to Country Lite database' to MaxMind as a source for blocking countries in Plesk Firewall

Follow

Comments

3 comments

  • Avatar
    Michel vd Lingen

    Would be great if we could use our own up-to-date GeoIP.dat and GeoIPv6.dat files. Just like we do with ModSecurity.

    0
    Comment actions Permalink
  • Avatar
    Anumon Mongkontanatus

    I tried everything as described, and we didn't find a solution in the Plesk Facebook Community either. Today I tried again on another server, Debian 11.9 Plesk version 18.0.60. I did the following via ssh:root@pfof1 ~ # nano /usr/local/psa/admin/conf/panel.ini
    root@pfof1 ~ # LICENSE_KEY=xxx plesk sbin modules/firewall/ipsets --configure --data-source maxmind-lite --force
    curl: (22) The requested URL returned error: 401
    Command '['/usr/local/psa/admin/sbin/modules/firewall/geoip/maxmind-lite', '--fetch']' returned non-zero exit status 22.
    exit status 1

    0
    Comment actions Permalink
  • Avatar
    Armin Lütkenhaus

    Following the instructions, step 3 fails with lots of errors mesages like "GeoLite2-Country-Blocks-IPv6.csv:...: expected 6 columns but found 7 - extras ignored". (And similar messages for the IPv4 file.)

    Checking "/opt/psa/admin/sbin/modules/firewall/geoip/maxmind-lite", it appears that Maxmind has added an additional columns named "is_anycast", which is not expected in the script file and leads to the error.

    It seems the import error can be fixed by adding the additional column "is_anycast TEXT" in the "CREATE TABLE" statements for "blocks_ipv4" and "blocks_ipv6".

    0
    Comment actions Permalink

Please sign in to leave a comment.

Have more questions? Submit a request