I've been having issues with attempted hackers trying to break into my web server so I decided to block traffic from everywhere except my target countries: US, France, and Germany. I installed the GeoIP Mod from MaxMind and added the following Location block to my SSL-Site.conf file:
<Location "/">
SetEnvIf GEOIP_COUNTRY_CODE US AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE FR AllowCountry
SetEnvIf GEOIP_COUNTRY_CODE DE AllowCountry
Deny from all
Allow from env=AllowCountry
</Location>
Since implementing this policy, anyone outside of those three countries gets a 403, which is great! What's frustrating, though, is that I can no longer access the site from my internal network. Is there a way to add something like:
allow 192.168.1.0/24
I pieced together this configuration from guides and forums from across the web, so I realize it's not necessarily the best way to be doing my whitelist but I decided that since I know who should be accessing the server, there's no reason to keep it more open than it needs to be. Any suggestions/help would be greatly appreciated!
