Implementing GeoBlocking in Pangolin Stack with Traefik

databaseFilePath: "/plugins-local/src/github.com/david-garcia-garcia/traefik-geoblock/IP2LOCATION-LITE-DB1.IPV6.BIN"
# Can be:
# - Full path: /path/to/IP2LOCATION-LITE-DB1.IPV6.BIN
# - Directory: /path/to/ (will search for IP2LOCATION-LITE-DB1.IPV6.BIN recursively). Use /plugins-storage/sources/ if you are installing from plugin repository.
# - Empty: uses embedded database assuming it is installed in /plugins-local/src/github.com/david-garcia-garcia/traefik-geoblock/

I am updating the geoblock based on the new info. I am just lost in this part. Where exactly do I make the change? Thanks

services:
  traefik:
    # ... existing config ...
    volumes:
      # ... existing volumes ...
      - ./IP2LOCATION-LITE-DB1.IPV6.BIN:/plugins-storage/IP2LOCATION-LITE-DB1.IPV6.BIN

You will have to download the BIN file and put it in the folder. It works offline. You can also set it to auto-update.

1 Like

Is this generally okay to add? Looks like someone can send a header like this and bypass geoblocking?

To be very honest, geoblock is not foolproof. It’s just a layer to support other security systems.

Good morning. I followed the tutorial but get the same error as the other user:

{"plugin":"plugin-geoblock","module":"github.com/david-garcia-garcia/traefik-geoblock","runtime":"","time":"2025-05-10T00:09:40Z","level":"error","message":"2025/05/10 00:09:40 time=2025-05-10T00:09:40.579Z level=ERROR msg=\"could not find file\" plugin=geoblock@file file=IP2LOCATION-LITE-DB1.IPV6.BIN path=/plugins-storage/IP2LOCATION-LITE-DB1.IPV6.BIN\n"}
{"level":"error","entryPointName":"websecure","routerName":"ws-router@file","error":"geoblock@file: failed to open database: open /plugins-storage/IP2LOCATION-LITE-DB1.IPV6.BIN: no such file or directory","time":"2025-05-10T00:09:40Z"}

Where is the location of the folder I have to copy the .BIN file to? I’m a bit new to Linux and Docker. I don’t see a folder named plugins-local in /home/ubuntu/config/traefik where the other files I needed to edit are.

Thanks!
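The path in `databaseFilePath` is a path inside the Traefik container, so the file has to sit on the host at whatever the matching `volumes:` entry maps it from. The following is an added example, not part of the original posts or of the plugin: it resolves a container path back to the host path using the two volume entries quoted in this thread. The function names and the `/opt/pangolin` compose directory are assumptions for illustration.

```python
import os
import posixpath

# Volume entries as they appear in this thread (short "host:container" syntax).
THREAD_VOLUMES = [
    "./IP2LOCATION-LITE-DB1.IPV6.BIN:/plugins-storage/IP2LOCATION-LITE-DB1.IPV6.BIN",
    "./ip2database:/data/ip2database",
]

def parse_volume(spec):
    """Split 'host:container[:mode]' into (host, normalised container path)."""
    parts = spec.split(":")
    if len(parts) < 2:
        raise ValueError(f"not a bind mount: {spec!r}")
    return parts[0], posixpath.normpath(parts[1])

def host_path_for(container_path, volumes, compose_dir="."):
    """Host path backing container_path, or None when no mount covers it."""
    target = posixpath.normpath(container_path)
    best = None
    for spec in volumes:
        host, mount = parse_volume(spec)
        covered = target == mount or target.startswith(mount.rstrip("/") + "/")
        if covered and (best is None or len(mount) > len(best[1])):
            best = (host, mount)  # the longest matching mount point wins
    if best is None:
        return None
    host, mount = best
    rel = posixpath.relpath(target, mount)
    full = host if rel == "." else posixpath.join(host, rel)
    return os.path.normpath(os.path.join(compose_dir, full))

def diagnose(container_path, volumes, compose_dir="."):
    """Classify why the plugin may report 'could not find file'."""
    host = host_path_for(container_path, volumes, compose_dir)
    if host is None:
        return "unmounted"          # path exists only inside the container
    if os.path.isdir(host) and container_path.upper().endswith(".BIN"):
        # With short-syntax bind mounts Docker creates a directory on the
        # host when the source file is missing at container start.
        return "host-is-directory"
    if not os.path.isfile(host):
        return "host-missing"
    return "ok"

if __name__ == "__main__":
    db = "/plugins-storage/IP2LOCATION-LITE-DB1.IPV6.BIN"
    print(host_path_for(db, THREAD_VOLUMES, "/opt/pangolin"))
```

Relative host paths in a compose file are resolved against the directory that holds the compose file, which is why `compose_dir` is a parameter.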

Ping me on hhf discord. It will take a min to setup

Hi! I messaged you on Discord. Kebel87. Thanks!

Hi @hhf.technoloy! Hope you're doing well. I'm having an error that is driving me crazy since I don't know how to fix it. I opened a ticket in the HHF technology Discord.

Will ping you in the hhf cord

1 Like

Did you ever find an answer to this question about file paths and the auto update feature?

Did you figure this out? I tried several times and created the folder with the BIN file in several different locations to try to get it working but the system never finds/recognizes it. Do you need to mount the BIN or set any permissions for it?

There is a thread on cord and we will have a look into this. Lots of people are away re. holidays etc., so it may take a little time.

1 Like

I had the same problem.

When you edit the docker-compose file to add a volume, you can’t just restart traefik; you have to use:

docker compose down && docker compose up -d

I installed this plugin a few days ago, but I don’t think it’s working properly.
This is an excerpt from the traefik log. If I’m not mistaken, these are error messages and not simple reports of a block being performed.

traefik | {"plugin":"plugin-geoblock","module":"github.com/david-garcia-garcia/traefik-geoblock","runtime":"","time":"2025-08-25T04:59:21Z","level":"error","message":"2025/08/25 04:59:21 time=2025-08-25T04:59:21.845Z level=INFO msg=\"blocked request\" plugin=pangolin-geoblock@file ip=4.227.36.70 ip_chain=\"\" country=US host= method=GET phase=default_allow path=/robots.txt\n"}
traefik | {"plugin":"plugin-geoblock","module":"github.com/david-garcia-garcia/traefik-geoblock","runtime":"","time":"2025-08-25T04:59:21Z","level":"error","message":"2025/08/25 04:59:21 time=2025-08-25T04:59:21.975Z level=INFO msg=\"blocked request\" plugin=pangolin-geoblock@file ip=20.171.207.82 ip_chain=\"\" country=US host= method=GET phase=default_allow path=/\n"}
traefik | {"plugin":"plugin-geoblock","module":"github.com/david-garcia-garcia/traefik-geoblock","runtime":"","time":"2025-08-25T05:16:04Z","level":"error","message":"2025/08/25 05:16:04 time=2025-08-25T05:16:04.770Z level=INFO msg=\"blocked request\" plugin=pangolin-geoblock@file ip=34.90.214.70 ip_chain=\"\" country=NL host= method=GET phase=default_allow path=/\n"}
traefik | {"plugin":"plugin-geoblock","module":"github.com/david-garcia-garcia/traefik-geoblock","runtime":"","time":"2025-08-25T05:16:23Z","level":"error","message":"2025/08/25 05:16:23 time=2025-08-25T05:16:23.363Z level=INFO msg=\"blocked request\" plugin=pangolin-geoblock@file ip=45.139.104.199 ip_chain=\"\" country=US host= method=GET phase=default_allow path=/.git/config\n"}
traefik | {"plugin":"plugin-geoblock","module":"github.com/david-garcia-garcia/traefik-geoblock","runtime":"","time":"2025-08-25T06:04:36Z","level":"error","message":"2025/08/25 06:04:36 time=2025-08-25T06:04:36.598Z level=INFO msg=\"blocked request\" plugin=pangolin-geoblock@file ip=93.123.109.175 ip_chain=\"\" country=NL host= method=GET phase=default_allow path=/.git/config\n"}
traefik | {"plugin":"plugin-geoblock","module":"github.com/david-garcia-garcia/traefik-geoblock","runtime":"","time":"2025-08-25T06:04:36Z","level":"error","message":"2025/08/25 06:04:36 time=2025-08-25T06:04:36.690Z level=INFO msg=\"blocked request\" plugin=pangolin-geoblock@file ip=93.123.109.175 ip_chain=\"\" country=NL host= method=GET phase=default_allow path=/.git/config\n"}
traefik | {"plugin":"plugin-geoblock","module":"github.com/david-garcia-garcia/traefik-geoblock","runtime":"","time":"2025-08-25T07:33:47Z","level":"error","message":"2025/08/25 07:33:47 time=2025-08-25T07:33:47.377Z level=INFO msg=\"blocked request\" plugin=pangolin-geoblock@file ip=4.227.36.70 ip_chain=\"\" country=US host= method=GET phase=default_allow path=/robots.txt\n"}

My dynamic_config.yml where the plugin is loaded before crowdsec

http:
  middlewares:
    pangolin-geoblock:
      plugin:
        geoblock:
            enabled: true
            defaultAllow: false
            databaseFilePath: "/plugins-storage/IP2LOCATION-LITE-DB1.IPV6.BIN"
            #databaseFilePath: "/plugins-storage/sources/gop-2195119671/src/github.com/david-garcia-garcia/traefik-geoblock/IP2LOCATION-LITE-DB1.IPV6.BIN"
            allowPrivate: true
            logBannedRequests: true
            banIfError: true
            disallowedStatusCode: 403
            allowedCountries:
                - IT # ITALIA
                # Add more countries as needed from the ISO 3166-1 alpha-2 codes
            allowedIPBlocks:
                - "192.168.0.0/16"
                - "10.0.0.0/8"
            databaseAutoUpdate: true
            databaseAutoUpdateDir: "/data/ip2database"
            databaseAutoUpdateCode: "DB1"
            bypassHeaders:
                X-Internal-Request: "true"
                X-Skip-Geoblock: "1"

Crowdsec is taking action to ban IP addresses from countries that should be blocked by the Geoblocking plugin.

docker exec crowdsec cscli decisions list
+--------+----------+--------------------+---------------------------------------+---------+---------+---------------------------------------+--------+------------+----------+
|   ID   |  Source  |     Scope:Value    |                 Reason                |  Action | Country |                   AS                  | Events | expiration | Alert ID |
+--------+----------+--------------------+---------------------------------------+---------+---------+---------------------------------------+--------+------------+----------+
| 795251 | crowdsec | Ip:143.110.150.233 | crowdsecurity/http-bad-user-agent     | captcha | US      | 14061 DIGITALOCEAN-ASN                | 2      | 3h59m44s   | 333      |
| 795250 | crowdsec | Ip:185.177.72.144  | crowdsecurity/CVE-2017-9841           | ban     | FR      | 211590 Bucklog SARL                   | 1      | 595h7m26s  | 332      |
| 765244 | crowdsec | Ip:167.94.138.49   | crowdsecurity/http-bad-user-agent     | captcha | US      | 398324 CENSYS-ARIN-01                 | 2      | 10m46s     | 324      |
| 765243 | crowdsec | Ip:162.243.214.110 | crowdsecurity/http-backdoors-attempts | captcha | US      | 14061 DIGITALOCEAN-ASN                | 2      | 8m21s      | 323      |
| 750241 | crowdsec | Ip:185.177.72.236  | crowdsecurity/http-sensitive-files    | ban     | FR      | 211590 Bucklog SARL                   | 5      | 590h26m18s | 320      |
| 750239 | crowdsec | Ip:185.177.72.45   | crowdsecurity/http-probing            | ban     | FR      | 211590 Bucklog SARL                   | 11     | 589h4m10s  | 318      |
| 660224 | crowdsec | Ip:185.177.72.115  | crowdsecurity/http-sensitive-files    | ban     | FR      | 211590 Bucklog SARL                   | 5      | 576h50m3s  | 297      |
| 630216 | crowdsec | Ip:185.177.72.35   | crowdsecurity/http-crawl-non_statics  | ban     | FR      | 211590 Bucklog SARL                   | 43     | 573h12m45s | 287      |
| 540198 | crowdsec | Ip:117.209.30.192  | crowdsecurity/netgear_rce             | ban     | IN      | 9829 National Internet Backbone       | 1      | 562h36m37s | 263      |
| 540197 | crowdsec | Ip:47.236.76.100   | crowdsecurity/thinkphp-cve-2018-20062 | ban     | SG      | 45102 Alibaba US Technology Co., Ltd. | 1      | 562h2m35s  | 262      |
+--------+----------+--------------------+---------------------------------------+---------+---------+---------------------------------------+--------+------------+----------+
25 duplicated entries skipped

Any advice is welcome.

Thanks!
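Each log line quoted above carries two levels: the JSON wrapper's `"level":"error"` and the plugin's own `level=` inside `message`. The following is an added example, not part of the original post or of the plugin: it reads the inner fields so that `blocked request` reports (INFO) can be told apart from real failures such as `could not find file` (ERROR). The sample lines are abridged from the logs quoted in this thread and the function names are assumptions.

```python
import json
import shlex
from collections import Counter

# Abridged from the log lines quoted in this thread (module/runtime/time keys dropped).
SAMPLE = [
    r'''traefik | {"plugin":"plugin-geoblock","level":"error","message":"2025/08/25 04:59:21 time=2025-08-25T04:59:21.845Z level=INFO msg=\"blocked request\" plugin=pangolin-geoblock@file ip=4.227.36.70 ip_chain=\"\" country=US host= method=GET phase=default_allow path=/robots.txt\n"}''',
    r'''traefik | {"plugin":"plugin-geoblock","level":"error","message":"2025/08/25 06:04:36 time=2025-08-25T06:04:36.598Z level=INFO msg=\"blocked request\" plugin=pangolin-geoblock@file ip=93.123.109.175 ip_chain=\"\" country=NL host= method=GET phase=default_allow path=/.git/config\n"}''',
    r'''{"plugin":"plugin-geoblock","level":"error","message":"2025/05/10 00:09:40 time=2025-05-10T00:09:40.579Z level=ERROR msg=\"could not find file\" plugin=geoblock@file file=IP2LOCATION-LITE-DB1.IPV6.BIN path=/plugins-storage/IP2LOCATION-LITE-DB1.IPV6.BIN\n"}''',
]

def parse_line(line):
    """Return the plugin's key=value fields plus the wrapper level, or None."""
    start = line.find("{")          # skip the "traefik | " compose prefix
    if start < 0:
        return None
    try:
        outer = json.loads(line[start:])
        tokens = shlex.split(outer.get("message", ""))
    except ValueError:              # bad JSON or unbalanced quotes
        return None
    if outer.get("plugin") != "plugin-geoblock":
        return None
    fields = {}
    for tok in tokens:
        key, sep, val = tok.partition("=")
        if sep:                     # date/time tokens have no "=" and are skipped
            fields[key] = val
    fields["outer_level"] = outer.get("level")
    return fields

def summarise(lines):
    """Count blocked requests per country and collect real plugin errors."""
    blocked, errors = Counter(), []
    for line in lines:
        f = parse_line(line)
        if not f:
            continue
        if f.get("level") == "INFO" and f.get("msg") == "blocked request":
            blocked[f.get("country", "?")] += 1
        elif f.get("level") == "ERROR":
            errors.append(f.get("msg"))
    return blocked, errors

if __name__ == "__main__":
    print(summarise(SAMPLE))
```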

@GjMan78 Because you have deployed crowdsec before geoblock, crowdsec will naturally take action first.

I thought this was enough to get the geoblock plugin to kick in before crowdsec. Am I doing something wrong?

traefik_config.yml

entryPoints:
  web:
    address: :80
  websecure:
    address: :443
    http:
      middlewares:
        - pangolin-geoblock@file
        - crowdsec@file
      tls:
        certResolver: letsencrypt
    transport:
      respondingTimeouts:
        readTimeout: 30m

In your docker-compose for traefik add:

./ip2database:/data/ip2database

It needs persistent storage. I’ve tested and it downloads the new ip2db BIN updated file and it uses that. I’ve composed down and restarted and it automatically found the updated one from earlier and it uses that without updating anymore, until some days/weeks pass. Check the docker logs for traefik after this change, it’s easy to figure out what is happening, it says it step by step.

2 Likes