mod geoip giving unreliable results

Started by percepts, August 04, 2012, 06:01:40 AM

Previous topic - Next topic
Print
Go Down Pages1
User actions

percepts

August 04, 2012, 06:01:40 AM
Hi,

Running Apache 2.2.11 32bit with mod_geoip 1.2.7 on windows 7

I have been using mod_geoip 1.2.5 with geolite country database for a while now. Problem is that from time to time it returns the wrong country code.  This happens for 127.0.0.1 and also my own external IP number. Most of the time it works OK and then it will give the wrong country. It should be GB in my case.

So I just upgraded to mod_geoip 1.2.7 and latest geoip.dat file and the same problem happens. i.e. sometimes I get country code GB and sometimes I get various other country codes for the same IP number.
I have modded my apache log file to include the country code and infact I can have some files from one page request have the correct country code and some files have the wrong country code. See below. I get RU and US returned when it should be GB as the rest of the files are. Refreshing the page will sometimes get it right.

This is not what I would expect. Either the database has the correct country or it doesn't. Having it sometimes return the correct country and not other times looks like a software bug. (N.B. that below is not the actual IP. I edited it).

I have also used the maxmind PHP code to get country and this always seems to get it correctly.

Any suggestions as to what the problem is ?

Thanks

Quote
123.123.123.123 "GB" - - 2012-08-04 02:42:36 "GET / HTTP/1.1" 200 4291 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "GB" - - 2012-08-04 02:42:36 "GET /js/js.js HTTP/1.1" 200 1690 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "GB" - - 2012-08-04 02:42:36 "GET /css/screen.css HTTP/1.1" 200 7504 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "GB" - - 2012-08-04 02:42:36 "GET /js/screen.js HTTP/1.1" 200 6353 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "GB" - - 2012-08-04 02:42:36 "GET /pics/frmsr.gif HTTP/1.1" 200 125 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "RU" - - 2012-08-04 02:42:36 "GET /pics/frmst.gif HTTP/1.1" 200 82 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "GB" - - 2012-08-04 02:42:36 "GET /pics/robert-champagne-photographer.gif HTTP/1.1" 200 1724 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "GB" - - 2012-08-04 02:42:36 "GET /pics/frmsb.gif HTTP/1.1" 200 143 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "GB" - - 2012-08-04 02:42:36 "GET /pics/frmsl.gif HTTP/1.1" 200 123 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "US" - - 2012-08-04 02:42:36 "GET /pics/frmctl.gif HTTP/1.1" 200 223 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "GB" - - 2012-08-04 02:42:36 "GET /pics/frmctr.gif HTTP/1.1" 200 225 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "US" - - 2012-08-04 02:42:36 "GET /pics/frmcbr.gif HTTP/1.1" 200 386 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "GB" - - 2012-08-04 02:42:36 "GET /pics/frmcbl.gif HTTP/1.1" 200 384 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "GB" - - 2012-08-04 02:42:36 "GET /landscape/Light-and-Fluffy.jpg HTTP/1.1" 200 108549 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "GB" - - 2012-08-04 02:42:36 "GET /js/screen.js?screen=1280x1024&win=1280x871&cdi=24&java=true&shk=n&svg=n&fla=y&rp=n&mov=n&wma=y&pdf=n&uid=null&sid=null HTTP/1.1" 200 6353 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "GB" - - 2012-08-04 02:42:36 "GET /pics/black-and-white-photographer.gif HTTP/1.1" 200 65836 "http://www.robertchampagnephotographer.co.uk/" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"
123.123.123.123 "GB" - - 2012-08-04 02:42:36 "GET /favicon.ico HTTP/1.1" 200 894 "-" "Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)"

Gregg

#1
August 04, 2012, 11:30:57 AM
I think the module just gets confused and looks at the wrong address in the database. I figure it's a bug in the module. However, both the module and the API were written for unix and ported to just work (for the most part) on Windows, and I'm sure that is a part of the problem as well.

I see the same results as well, I just know the proper country is the one that shows 90% of the time.
Quotexxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:20 -0700] "GET /modules/mod_auth_sspi/ HTTP/1.1" 200 8926 "https://www.google.co.jp/url?sa=t&rct=j&q=&esrc=s&source=web&cd=22&ved=0CFgQFjABOBQ&url=https%3A%2F%2Fwww.mydomain.com%2Fmodules%2Fmod_auth_sspi%2F&ei=N3kbUP6MOo6TiQegzIDYAg&usg=AFQjCNGTUcecCHHpMiT9zOHhqJ9dBw9K9A&cad=rja" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "Japan"
xxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:21 -0700] "GET /_bar.png HTTP/1.1" 200 158 "https://www.mydomain.com/modules/mod_auth_sspi/" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "Japan"
xxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:22 -0700] "GET /mod_ssl_sb.gif HTTP/1.1" 200 2007 "https://www.mydomain.com/modules/mod_auth_sspi/" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "Japan"
xxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:22 -0700] "GET /Atom_pb.gif HTTP/1.1" 200 2767 "https://www.mydomain.com/modules/mod_auth_sspi/" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "Japan"
xxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:22 -0700] "GET /icons/compressed.png HTTP/1.1" 200 1480 "https://www.mydomain.com/modules/mod_auth_sspi/" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "Japan"
xxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:22 -0700] "GET /images/favicon.ico HTTP/1.1" 200 4286 "-" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "Japan"
xxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:22 -0700] "GET /icons/back.png HTTP/1.1" 200 1247 "https://www.mydomain.com/modules/mod_auth_sspi/" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "Korea, Republic of"
xxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:22 -0700] "GET /icons/blank.gif HTTP/1.1" 200 148 "https://www.mydomain.com/modules/mod_auth_sspi/" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "China"
xxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:22 -0700] "GET /vc9.png HTTP/1.1" 200 6798 "https://www.mydomain.com/modules/mod_auth_sspi/" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "Japan"
xxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:22 -0700] "GET /icons/apache_pb24.gif HTTP/1.1" 200 1906 "https://www.mydomain.com/modules/mod_auth_sspi/" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "Japan"
xxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:22 -0700] "GET /_head0.png HTTP/1.1" 200 47210 "https://www.mydomain.com/modules/mod_auth_sspi/" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "Japan"
xxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:22 -0700] "GET /_foot.png HTTP/1.1" 200 403 "https://www.mydomain.com/modules/mod_auth_sspi/" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "Japan"
xxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:22 -0700] "GET /openssl_ics.gif HTTP/1.1" 200 2063 "https://www.mydomain.com/modules/mod_auth_sspi/" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "Japan"
xxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:22 -0700] "GET /_mid.png HTTP/1.1" 200 211 "https://www.mydomain.com/modules/mod_auth_sspi/" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "Japan"
xxxx.xxxxx.co.jp - - [03/Aug/2012:00:17:25 -0700] "GET /images/favicon.ico HTTP/1.1" 200 4286 "-" "Mozilla/5.0 (Windows NT 5.1; rv:14.0) Gecko/20100101 Firefox/14.0.1" www.mydomain.com 443 "Japan"

percepts

#2
August 04, 2012, 03:50:00 PM
Thanks,

It's a shame as I was trying to use it to block web access by country which is now unreliable. I'll look at using PHP module instead and see how that pans out.

percepts

#3
August 04, 2012, 09:05:46 PM
I just did a check on logs. It never happens on the html or php page being requested but only on the files that page requests.
I have implemented the PHP module now and that looks like it will work fine. Not such a neat solution but at least it seems to work properly.
Print
Go Up Pages1
User actions