[BUG] GEOIP ACL

[barto95100]

Describe the bug
Problem with ACL and geoip country

To Reproduce
country selected is FRANCE and test to access url with this ACL not work (403 Forbidden)
I verify the ip lookup and the ip used is in maxmind FRANCE Country

If i add manuelly the ip in ACL thé connections work

What's the source of geoip database use by zoraxy ?

[tobychui]

@barto95100

Source of geoip database is this:
https://www.jsdelivr.com/package/npm/@ip-location-db/geolite2-asn

And the code for updating the database can be found here:
https:/tobychui/zoraxy/blob/main/tools/update_geodb.sh

There is nothing I can do as this is part of the CI/CD process of automatically update the build in IPv4 and IPv6 mapping of the country code (which changes all the time). I guess if you already know your IP address, you should use IP whitelist instead.

[barto95100]

Ok i check the file download from script :
https:/tobychui/zoraxy/blob/main/tools/update_geodb.sh

download file is :
https://cdn.jsdelivr.net/npm/@ip-location-db/geo-whois-asn-country/geo-whois-asn-country-ipv4.csv

and after lookup most ip range is not present in this file...

why you don't use the maxmind to download the file ? with API

Maxmind indicate in site :

Url : https://support.maxmind.com/hc/en-us/articles/4408216129947-Download-and-Update-Databases

I found this for GO and maxmind : https://pkg.go.dev/github.com/oschwald/maxminddb-golang?utm_source=godoc

I don't know if this could help you because I'm not a developer :(

I guess if you already know your IP address, you should use IP whitelist instead.:
The problem is if I test from my cellular mobile the ip change every time

[tobychui]

@barto95100 Maxmind dataset license is not compatible with Zoraxy in some of the use cases.

The problem is if I test from my cellular mobile the ip change every time

Your ISP should have been assigned a fixed IP address range. You can look up on the internet regarding what possible IPs your ISP is using and use that CIDR as whitelist target.

I guess we can switch to the db one if the daily one is not too accurate, as I can see your IP address is correctly reported in the other csv file from the list.

DB-IP Lite Country CC BY 4.0 by DB-IP dbip-country-ipv4.csv

[barto95100]

YEs possible to move to dbip all my test indicate the dbip is more update to jsdeliver...

or maybe used the maxmind to update 1 time per day

[tobychui]

@barto95100 Well as mention earlier, we cannot use Maxmind database due to license issue. But for the user update-able ip table, I will think about it and see how it can be implemented.

[barto95100]

instead of downloading a file to make API requests, but probably too heavy at the level of zoraxy maybe? response time or CPU/RAM usage