GeoIP databases can be used to perform two operations.
Add to events the country origin of an IP address and/or block an IP address if it comes from some countries.
Available on version 1.0.29
Use the -geoip-on to enable the location verification
Use the -geoip-off to enable the location verification
If you using your own GeoIP database updater and if did not use the /usr/local/share/GeoIP directory, set the database directory using -geoip-db token
articapsniffer -geoip-db /usr/local/share/GeoIP
You can obtain a free MaxMind Account and license using this procedure
Use the -geoip-account to set the Account ID
Use the -geoip-key to set the license key
articapsniffer -geoip-key Asdfgt6
Use the -geoip-schedule to define the hourly period ( defaut 2 )
articapsniffer -geoip-schedule 2
If running in daemon mode, sources are checked each 2 hours
Without daemon mode, use the -geoip-update token to launch downloads
To deny IP address from countries, set the Iso codes separated by a comma with the token -geoip-deny
articapsniffer -geoip-deny CN,SG,US
Set the allowed countries
To allow IP addresses from countries set the set the Iso codes separated by a comma with the token -geoip-allow
Useful examples:
articapsniffer -geoip-deny all
articapsniffer -geoip-allow FR,DE,US
Will deny all countries except IP addresses from FR or DE or US
articapsniffer -geoip-deny FR,DE,US
articapsniffer -geoip-allow all
Will deny only IP addresses from FR or DE or US
articapsniffer -geoip-deny none
articapsniffer -geoip-allow all
Will do nothing, just log countries information
articapsniffer -geoip-deny none
articapsniffer -geoip-allow FR,DE,US
Will do nothing, deny is none so allow will do nothing ,just log countries information
articapsniffer -geoip-deny all
articapsniffer -geoip-allow all
Will do nothing, deny is all but allow is all ,just log countries information
The token -geoip-test [Ip address] allows you to check and IP address.
It answer with the Country Code and the Country Name