Ä¿ÇǴнº, ½Ã½ºÅÛ ¿£Áö´Ï¾îÀÇ ½°ÅÍ Ä¿ÇÇÇâÀÌ ³ª´Â *NIX
Ä¿ÇǴнº
½Ã½ºÅÛ/³×Æ®¿÷/º¸¾ÈÀ» ´Ù·ç´Â °÷
* HanIRCÀÇ #coffeenix ¹æ
[ Àåºñ ¹× ȸ¼± ÈÄ¿ø ]
HOME > ³×Æ®¿öÅ©(network) > À¥ ¼­¹ö(web, httpd, apache) µµ¿ò¸»
°Ë»ö : »çÀÌÆ® WHOIS À¥¼­¹ö Á¾·ù

WebDAV (7, ±Û 1, ÀÚ·á 4)
À¥¼­¹ö Æ©´× (5, ±Û 4, ÀÚ·á 2)
À¥¼­¹ö »ç¿ë Åë°è ÀÚ·á (2, ÀÚ·á 1)
Apache SSL / mod_ssl (4, ±Û 3, ÀÚ·á 2)

  GeoIP È°¿ë(¾ÆÆÄÄ¡ À¥·Î±×¿¡ ±¹°¡ÄÚµå ³²±â±â ¿Ü) ÀÛ¼ºÀÏ : 2008/04/23 08:34
 
  • ±Û¾´ÀÌ : ÁÁÀºÁøÈ£ ( http://coffeenix.net/ )
  • Á¶È¸¼ö : 23488
          [ ÀÌÀüÈ­¸é / ¼öÁ¤ ]   ºñ¹Ð¹øÈ£ :     Àμâ¿ë È­¸é
      Á¦  ¸ñ : GeoIP È°¿ë(¾ÆÆÄÄ¡ À¥·Î±×¿¡ ±¹°¡ÄÚµå ³²±â±â ¿Ü)
    ÀÛ¼ºÀÚ : ÁÁÀºÁøÈ£(truefeel, http://coffeenix.net/ )
    ÀÛ¼ºÀÏ : 2008.3.18(È­)
    Á¤¸®ÀÏ : 2008.4.20(ÀÏ)
    ¼öÁ¤ÀÏ : 2008.4.23(¼ö)

    MaxMindÀÇ GeoIP µ¥ÀÌÅ͸¦ ÀÌ¿ëÇؼ­ ´ÙÀ½ 2°¡Áö¿¡ È°¿ëÇÒ °ÍÀÌ´Ù.
    1) À¥ÆäÀÌÁö¿¡ Á¢¼ÓÇÑ IP°¡ ¾î´À ±¹°¡ÀÎÁö¸¦ ¾ÆÆÄÄ¡ À¥·Î±×¿¡ ÄÚµå·Î ³²±â°í, ¶ÇÇÑ Æ¯Á¤ À¥ÆäÀÌÁö¸¦ ±¹°¡º°·Î Á¢±ÙÀ» Á¦ÇÑÇÏ´Â ¹æ¹ýÀ» ¾Ë¾Æº»´Ù.
    2) IP¸¦ ÁöÁ¤ÇÏ¸é ±× IP°¡ ¾î´À ±¹°¡ÀÇ °ÍÀÎÁö¸¦ ¾Ë¾Æ³»´Â php ½ºÅ©¸³Æ®¿¡ ´ëÇØ ¾Ë¾Æº¼ °ÍÀÌ´Ù.

    iptables¿¡ GeoIP¸¦ ÀÌ¿ëÇؼ­ ±¹°¡º°·Î IP¸¦ Â÷´ÜÇÏ´Â °ÍÀº '6. GeoIP·Î ±¹°¡º° IP Â÷´Ü ¼³Á¤ ÀÚ·á'¸¦ Âü°íÇϱ⠹ٶõ´Ù.

    1. GeoIP C API ¼³Ä¡

    apacheÀÇ mod_geoip ¸ðµâÀ̳ª phpÀÇ geoip.so ¸ðµâÀ» ¼³Ä¡Çϱâ À§Çؼ­´Â ¸ÕÀú GeoIP C API ¸ÕÀú ¼³Ä¡ÇØ¾ß ÇÑ´Ù.
    http://www.maxmind.com/app/c ¿¡¼­ ¹Þ¾Æ ¼³Ä¡ÇÑ´Ù.

     
    # ./configure --prefix=/usr/local/GeoIP
    # make
    # make install
     


    /usr/local/GeoIP/share/GeoIP/ ¿¡ GeoIP ¹ÙÀ̳ʸ® Æ÷¸Ë ÆÄÀÏ(GeoIP.dat)ÀÌ Á¸ÀçÇÑ´Ù. ÇöÀç ¾à 1MB.

    2. apache¿¡¼­ GeoIP È°¿ëÇϱâ

    http://www.maxmind.com/app/mod_geoip ¿¡¼­ mod_geoip2(ÇöÀç ¹öÀü 1.2.1)¸¦ ¹Þ¾Æ¿Â´Ù. apache´Â /usr/local/www¿¡ ¼³Ä¡µÇ¾î ÀÖ°í, Apache 2.2.x ±âÁØÀ¸·Î ¼³¸íÇÑ´Ù. ¾Æ·¡¿¡ -I/usr... ¿¡¼­ -I´Â ´ë¹®ÀÚ I(¾ÆÀÌ), -lGeoIP ¿¡¼­ -l Àº ¼Ò¹®ÀÚ L(¿¤)ÀÌ´Ù. (ºê¶ó¿ìÀú ±Û²Ã¿¡ µû¶ó ±¸º°ÀÌ Àß ¾ÈµÉ ¼ö ÀÖÀ¸´Ï ÁÖÀÇ) apxs ¸í·ÉÀ» ³»¸®¸é /usr/local/www/modules/mod_geoip.so ¿¡ ÀÚµ¿À¸·Î ¼³Ä¡µÈ´Ù.

     
    # apxs -i -a -L/usr/local/GeoIP/lib -I/usr/local/GeoIP/include -lGeoIP -c mod_geoip.c
     


    apache ¸ðµâÀÌ ¼³Ä¡µÈ »óÅ¿¡¼­ phpinfo() ¸¦ »ìÆ캸¸é, Apache Environment ºÎºÐ¿¡¼­ GEOIP_CONTINENT_CODE, GEOIP_COUNTRY_CODE, GEOIP_COUNTRY_NAMEȯ°æ º¯¼ö¸¦ º¼ ¼ö ÀÖ´Ù.



    apache À¥·Î±×ÀÇ ¸¶Áö¸·Ä­¿¡ ±¹°¡Äڵ带 ³²±â´Â ¹æ¹ýÀ» ¼³¸íÇÑ´Ù. ·Î±×¿¡ ±¹°¡Äڵ带 ³²±èÀ¸·Î½á, 1) IP¸¦ °®°í whois·Î ¾î´À ±¹°¡ÀÎÁö¸¦ ã¾Æº¼ ÇÊ¿ä°¡ ¾ø¾îÁö°í, 2) ƯÁ¤ÆäÀÌÁö¸¦ ¾î´À ±¹°¡¿¡¼­ ¿äûÇÏ´ÂÁö Åë°è¸¦ »Ì¾Æº¼ ¼öµµ ÀÖ°í, 3) À¥ÇØÅ·½Ãµµ¸¦ ÇÒ ¶§ ¾î´À ±¹°¡¿¡¼­ °ø°ÝÇÏ´Â °ÍÀÎÁö ¹Ù·Î È®ÀÎÇÒ ¼ö ÀÖ´Ù.

     
    <IfModule geoip_module>
            GeoIPEnable On
            GeoIPDBFile /usr/local/GeoIP/share/GeoIP/GeoIP.dat
    </IfModule>

    LogFormat "%h %l %u %t \"%r\" %>s %b \"%{Referer}i\" \"%{User-Agent}i\" %{Host}i %{GEOIP_COUNTRY_CODE}e" cnxlog

    CustomLog logs/access_log cnxlog
     


    À§¿¡¼­ %{º¯¼ö¸í}i Çü½ÄÀº ¿äûÇÒ ¶§ÀÇ HeaderÁß ÇØ´ç °ªÀ» ¸»ÇÑ´Ù. %{º¯¼ö¸í}e ´Â ȯ°æº¯¼ö¸¦ ÀǹÌÇÑ´Ù. LogFormat ¼³Á¤ Áß¿¡ 2°¡Áö¸¦ »ìÆ캸ÀÚ.

    %{Host}i : ¿äûÇÑ È£½ºÆ®¸íÀ» ·Î±×¿¡ ³²±ä´Ù. À̸¦Å׸é ÇϳªÀÇ ¼­¹ö¿¡ 2°³ ÀÌ»óÀÇ µµ¸ÞÀÎÀ» °®°í ÀÖÀ» ¶§ À¯¿ëÇÏ´Ù.
               www.foobar.com, www.foobar.net, foobar.com µîÀÇ µµ¸ÞÀÎÀÌ ÀÖÀ» ¶§ ¾î¶² µµ¸ÞÀÎÀ¸·Î ¿äûÇß´ÂÁö¸¦ ³²±æ ¼ö ÀÖ°Ô µÈ´Ù.
    %{GEOIP_COUNTRY_CODE}e : GEOIP_COUNTRY_CODE ȯ°æº¯¼ö, Áï ±¹°¡Äڵ带 ³²±ä´Ù.

    ´ÙÀ½Àº ƯÁ¤Àº ÆäÀÌÁö¸¦ ÁöÁ¤ÇÑ ±¹°¡¿¡¼­ Á¢±ÙÇÒ ¼ö ¾øµµ·Ï ¼³Á¤ÇÑ ¿¹ÀÌ´Ù.

     
    <IfModule geoip_module>
            GeoIPEnable On
            GeoIPDBFile /usr/local/GeoIP/share/GeoIP/GeoIP.dat

            <Location /data>
               SetEnvIf GEOIP_COUNTRY_CODE CN blockcountry
               SetEnvIf GEOIP_COUNTRY_CODE RU blockcountry
               SetEnvIf GEOIP_COUNTRY_CODE TH blockcountry

    #          SetEnvIf GEOIP_COUNTRY_CODE KR allowcountry

               <Limit GET POST>
                 Order Allow,Deny
                 Allow from all
                 Deny  from env=blockcountry
               </Limit>
            </Location>
    </IfModule>
     


    À§´Â ƯÁ¤ ±¹°¡¸¸ Á¦ÇÑÇÏ´Â °ÍÀε¥, ¹Ý´ë·Î ƯÁ¤ ±¹°¡¸¸ Çã¿ëÇÏ·Á¸é À§ÀÇ ³»¿ëÁß¿¡ location ºÎºÐÀ» ´ÙÀ½°ú °°ÀÌ ¼öÁ¤ÇÏ¸é µÈ´Ù.

     
            <Location /data>
               SetEnvIf GEOIP_COUNTRY_CODE KR allowcountry
               <Limit GET POST>
                 Order Deny,Allow
                 Deny  from all
                 Allow from env=allowcountry
               </Limit>
            </Location>
     


    À§ÀÇ 2°¡Áö ¼³Á¤(·Î±×¿¡ ±¹°¡ÄÚµå, ƯÁ¤ ±¹°¡ Á¦ÇÑ)ÀÌ Àû¿ëµÈ ·Î±× ¿¹(ÀϺΠ·Î±×´Â º¯°æ ó¸®ÇÔ)ÀÌ´Ù. 2¹ø° ÁÙÀº ƯÁ¤ ±¹°¡ Á¢¼Ó½Ã 403 ¿¡·¯¸¦ ¹ß»ýÇϸç, Á¢±ÙÀÌ Á¦ÇѵÆÀ½À» È®ÀÎÇÒ ¼ö ÀÖ´Ù.

     
    125.129.xxx.xxx - - [01/Apr/2008:01:07:15 +0900] "GET /bbs/ HTTP/1.1" 200 29388 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; ko; rv:1.8.1.13) Gecko/20080311 Firefox/2.0.0.13" foobar.com KR
    61.243.xxx.xxx - - [01/Apr/2008:01:17:20 +0900] "GET /data/linux_base/editors.html HTTP/1.1" 403 520 "-" "Mozilla/4.0 (compatible; MSIE 5.5; Windows 98; DigExt)" foobar.com CN
     


    3. php¿ë ¸ðµâ ¼³Ä¡

    apache ¸ðµâ¸¸ ¼³Ä¡µÇ¾î À־, php¿¡¼­ ´ÙÀ½°ú °°ÀÌ Á¢¼ÓÇÑ °÷ÀÇ ±¹°¡ Äڵ带 È®ÀÎÇغ¼ ¼ö ÀÖ´Ù.

     
    <?
    $country_code = apache_note("GEOIP_COUNTRY_CODE");
    $country_name = apache_note("GEOIP_COUNTRY_NAME");

    echo "$country_code<br>";
    echo "$country_name<br>";
    ?>

    [ °á°ú ]

    KR
    Korea, Republic of
     


    ±×·¯³ª GeoIP php ¸ðµâÀ» ¼³Ä¡ÇÑ´Ù¸é ´õ ÀÚ¼¼ÇÑ Á¤º¸¸¦ ¾òÀ» ¼ö ÀÖ´Ù. apache¸¸ÀÇ ¸ðµâ·Î´Â ÇöÀç Á¢¼ÓÇÑ IPÀÇ ±¹°¡Äڵ常 ¾Ë ¼ö ÀÖÁö¸¸, php ¸ðµâ·Î´Â º»ÀÎÀÌ ¿øÇÏ´Â IP¸¦ ÁöÁ¤ÇÏ¿© ¾Ë¾Æ³¾ ¼ö ÀÖ´Ù. ¶ÇÇÑ µµ¸ÞÀÎÀ» ÁöÁ¤ÇÒ ¼öµµ Àִµ¥, À̶© µµ¸ÞÀÎÀ» IP·Î lookupÇÑ ´ÙÀ½¿¡  ¾î´À ³ª¸®ÀÎÁö µîÀ» ¾Ë¾Æ³½´Ù.

    php ¸ðµâÀ» ¼³Ä¡Çغ¸ÀÚ. http://pecl.php.net/package/geoip/ ¿¡¼­ ÃֽŠGeoIP PHP extension(ÇöÀç geoip-1.0.2.tgz)À» ¹Þ´Â´Ù. configureÇÒ ¶§ php-config ¸í·É °æ·Î¿Í GeoIPÀÇ µð·ºÅ丮¸¦ ÀÚ½ÅÀÇ È¯°æ¿¡ ¸Â°Ô ÁöÁ¤ÇÑ´Ù.

     
    # phpize
    # ./configure  --with-php-config=/usr/local/bin/php-config --with-geoip=/usr/local/GeoIP
    # make
    # make install
     


    php.ini ¿¡ ¸ðµâ ¼³Á¤À» Ãß°¡ÇÑ´Ù. ÇÊ¿ä½Ã¿¡ extension_dir = "" ·Î php¸ðµâÀÌ ÀÖ´Â µð·ºÅ丮¸¦ ÁöÁ¤ÇÑ´Ù.

     
    extension=geoip.so

    ... »ý·« ...
    [geoip]
    geoip.custom_directory=/usr/local/GeoIP/share/GeoIP
     


    4. php¿¡¼­ GeoIP Å×½ºÆ®

    php¿ë »ùÇà ¼Ò½º´Â http://www.maxmind.com/download/geoip/api/php/ ¿¡¼­ È®ÀÎÇÒ ¼ö ÀÖ´Ù. ¿©±â¼­´Â Å×½ºÆ®¸¦ À§ÇØ ¸¸µé¾îº» Å×½ºÆ®¿ë ¼Ò½º¸¦ ¼Ò°³ÇÒ °ÍÀ̸ç, ±× °á°úµµ ÇÔ²² »ìÆ캻´Ù.

    * geoip_php.html ³»·Á¹Þ±â
     
    <?
    // GeoIP Å×½ºÆ®
    //
    // 2008.3
    // by ÁÁÀºÁøÈ£(truefeel, http://coffeenix.net/ )

    $geoip_database_info = geoip_database_info(GEOIP_COUNTRY_EDITION);
    $geoip_db_filename   = geoip_db_filename(GEOIP_COUNTRY_EDITION);
    $all_info            = geoip_db_get_all_info();

    echo "geoip_database_info = $geoip_database_info <br>\n";
    echo "geoip_db_filename   = $geoip_db_filename <br>\n";

    // µµ¸ÞÀκ°·Î ¼­¹ö°¡ ¾î´À ±¹°¡¿¡ À§Ä¡ÇØ ÀÖ´ÂÁö ¾Ë¾Æº¸±â
    $arURL  = array(
            "www.google.co.kr",
            "www.daum.net",
            "www.naver.com",
            "www.skype.com",
            "www.bbc.co.uk",
            "www.badoo.com",
            "mixi.jp",
            "www.baidu.com",
            );

    foreach ( $arURL as $u ) {
            $country        = geoip_country_name_by_name($u);
            $country_code   = geoip_country_code_by_name($u);
            $country_3code  = geoip_country_code3_by_name($u);

            echo "* $u = $country, $country_code, $country_3code <br>\n";
    }

    //
    echo "<pre>";
    print_r($all_info);
    echo "</pre>";

    ?>
     




    5.Âü°íÀÚ·á

    * PHP : GeoIP Functions
      http://www.php.net/manual/en/ref.geoip.php
    * PECL :: Package :: geoip
      http://pecl.php.net/package/geoip/
    * GeoIP PHP API
      http://www.maxmind.com/app/php
    * Installation of PECL extensions
      http://www.php.net/manual/en/install.pecl.php

    6. GeoIP·Î ±¹°¡º° IP Â÷´Ü ¼³Á¤ ÀÚ·á

    * ±¹°¡º°·Î Á¢¼Ó Â÷´Ü¼³Á¤À» ÇÏ°íÀÚ ÇÒ ¶§ (±Û È«¼®¹ü)
      http://www.tt.co.kr/~antihong/documents/iptables_country.pdf
    * ssh dictionary attack ¸·±â (±Û ±èÁ¤±Õ)
      http://my.oops.org/42
    * RHEL/CentOS ¿¡¼­ GeoIP kernel module ºôµå (±Û ±èÁ¤±Õ)
      http://my.oops.org/117
    * centos5 geoip patchÇϱâ
      http://kldp.org/node/82983
      Ä¿ÇǴнº Ä«Æä ÃÖ±Ù ±Û
    [03/24] Youtube òÁ&#2
    [03/20] Re: ¿Â¶óÀΰÔÀÓÀÇ Á¾ÁÖ±¹ ´ëÇѹα¹
    [03/20] ½ÇÁ¦&#4
    [03/18] ±¹°¡&#5
    [10/20] Cross Compiler ±ò
    [07/14] SSL ¬¡¬°
    [04/26] Re: µµ½ºÈ­¸é ¿ø°ÝÁ¶Á¾ ¿©ºÎ
    [04/25] µµ½ºÈ­¸é ¿ø°ÝÁ¶Á¾ ¿©ºÎ
    [10/30] Cshell¿¡¼­ ³­¼ö ¼³Á¤
    [10/23] °øÇ×öµµÁÖ½Äȸ»ç SE ±¸ÀÎ Ëì
    [01/26] Re: wgetÀ¸·Î ´Ù¸¥¼­¹ö¿¡ÀÖ´Â µð·ºÅ丮¸¦ °¡Á®¿À·Á°íÇÕ´Ï´Ù.
    [01/25] wgetÀ¸·Î ´Ù¸¥¼­¹ö¿¡ÀÖ´Â µð·ºÅ丮¸¦ °¡Á®¿À·Á°íÇÕ´Ï´Ù.
    [01/11] ƯÁ¤ ¾Èµå·ÎÀ̵å WebView ¹öÀü¿¡¼­ SSL ¹®Á¦ (WebView ¹ö±×)
    [08/01] DNS forwarder (Àü´ÞÀÚ) ¼­¹ö¸¦ ÅëÇؼ­ Äõ¸®ÇÏ¸é ¿ª¹æÇâÀ» ¹Þ¾Æ¿ÀÁú ¸øÇÕ´Ï´Ù.
    [05/16] (ÁÖ)ÈÄÀÌÁî ½Ã½ºÅÛ¿£Áö´Ï¾î (°æ·ÂÀÚ) ¸ðÁý
      New!   ÃÖ±Ù¿¡ µî·ÏÇÑ ÆäÀÌÁö
      KiCad EDA Suite project (Free/Libre/Open-Source EDA Suite) (CAD)
      ¿ÀÇÂij½ºÄÉÀ̵å ijµå (OpenCASCADE CAD)
      QCad for Windows --- GNU GPL (Free Software)
      The Hello World Collection
      IPMI¸¦ È°¿ëÇÑ ¸®´ª½º ¼­¹ö°ü¸®
      DNS ¼³Á¤ °Ë»ç
      nagiosgraph ¼³Ä¡ ¹æ¹ý
      Slony-I ¼³Ä¡ ¹æ¹ý (postgresql replication tool)
      Qmail±â¹ÝÀÇ Anti spam ½Ã½ºÅÛ ±¸ÃàÇϱâ
      clusterssh

    [ ÇÔ²²ÇÏ´Â »çÀÌÆ® ]




    ¿î¿µÁø : ÁÁÀºÁøÈ£(truefeel), ¾ß¼ö(yasu), ¹ü³ÃÀÌ, sCag
    2003³â 8¿ù 4ÀÏ~