Since 4.5.8 version HAProxy-WI has ability to download and update GeoLite2 via web panel.
GeoIP, MaxMind’s IP intelligence product, consists of several related products. GeoIP lets you discover information about a specific IP address. Maxmind provides web services, subscription-based downloadable databases, and free downloadable databases.
MaxMind provides access to GeoLite2 databases only after registration now. So, you need get Licence key before using. This instruction shows how to do it.
First of all create account here:
After this step you will receive an email with next instructions:
Follow the link for password creating:
After finishing registration you can access into your private cabinet:
For directly Database downloading you must get Licence key. Go to "My Licence Key" section: Follow the link for password creating:
The screen will display the license number that needs to be saved - then it will not be possible to see it, just write out a new license:
And put your licence key to maxmind_key into your group settings:
HAProxy-WI provides to you ability to use GeoLite2 via web interface. Before using GeoLite2 Licence key must be created.
After you have created the Licence key and added it into the group settings you can start using GeoLite2 Database:
Chose a server for uploading, HAProxy-WI will show, if there is GeoLite2(in the black box), and press the "Install" button(in the green box).
HAProxy-WI will download and format it from GeoIP to acceptable format for HAProxy service. Also HAProxy-WI will separate IPs range from one file to single files by country, e.g.: file AD.subnets consists all IPs which uses in Andora.
Example of usage of the subnet per continent files we have before downloaded would be creating the following ACLs:
acl acl_AF src -f AF.txt acl acl_AN src -f AN.txt acl acl_AS src -f AS.txt acl acl_EU src -f EU.txt acl acl_NA src -f NA.txt acl acl_OC src -f OC.txt acl acl_SA src -f SA.txt
and then using them to allow or decline clients based on the continent they come from, for instance:
http-request deny if !acl_AF
or send them to different backend servers:
use_backend bk_af if acl_AN