Share via:

Using Mod_maxminddb to Become GDPR Complient

How I am planning on making Beamtic GDPR complient using the mod_maxminddb Apache module.

322 views
d

By. Jacob

Edited: 2018-07-12 14:01

GDPR, GEO Location, and Apache

In the process of making Beamtic sites GDPR complaint, I have decided to make some changes to the way I collect consent from users. Some website owners decide to simply show the consent dialog to all their users, and thereby avoid having to deal with GEO location. I used to take that approach, but I realize this was a mistake.

Without getting into too many details, I think it was a mistake because I disagree with the requirement to show these consent dialogs. They are quite simply toxic for UX (users) and both unfair and unreasonable for website owners (that is us). The problem the EU seeks to address should likely be solved in the browser – and certainly not by individual site owners.

Because of the above, I have decided to install a module for my web-server (Apache), which enables me to perform easy GEO location lookups. This allows me to only show the consent dialog to users within the EEA (European Economic Area).

The module I am using is called mod_maxminddb and can be easily installed on an Apache production server. I am not sure how to install this on my local development server yet, since it could (would?) give unexpected results with local IP-addresses. If that is the case, then it is likely nothing that can not be accounted for with a if else statement in PHP.

Note that this only covers the technical aspect of installing the module, not how to create the consent dialog mechanism itself, or how to fulfill the requirements of GDPR.

Dependencies

Before installing the module, you also need to install the libmaxminddb library. This can be installed via PPA in Ubuntu. More info here: https://github.com/maxmind/libmaxminddb/blob/master/README.md

You also need to install the dev package for your apache version, in my case, this was done like below:

sudo apt install apache2-dev

If you have not installed the apache2-dev package, you might get errors such as this configure: error: apxs not found. set apxs with --with-apxs.

How to install mod_maxminddb

The module itself is actually surprisingly easy to install. However, it did take some time for me to understand exactly what I had to do. I was not very familiar with installing from tarballs, so this was my first roadblock. My problem was, I could not find where to download the tarball file mentioned in the documentation. It turns out you just have to click on the releases tab on their GitHub repository, and the tarballs are available for download from there.

Installing from the tarball is covered in their documentation, here: http://maxmind.github.io/mod_maxminddb/. But I will also repeat the steps in the article. Please check the official documentation for updated instructions!

If you are trying to install on your live server, likely in the cloud or on a server with your hosting company, you can download the tarball using the wget command, and then extract the file before running the commands found in the official documentation. I am personally Ubuntu, but this should also work for other distributions as well.

The exact steps I took to install mod_maxminddb was as follows:

  1. cd /home/[YOUR_USER]
  2. wget [URL_TO_TARBALL_FILE]
  3. tar -xvzf [PATH_TO_TARBALL_FILE]
  4. cd [PATH_TO_EXTRACTED_TARBALL]
  5. ./configure
  6. make install

This automatically installed and enabled the module. All I had to do afterwards was to update my Apache configuration files, and download a database from maxmind. The database file has to be linked in the configuration file. Inside the configuration files I added the following:

MaxMindDBEnable On
MaxMindDBFile COUNTRY_DB /usr/local/share/GeoIP/GeoLite2-Country.mmdb
MaxMindDBFile CITY_DB    /usr/local/share/GeoIP/GeoLite2-City.mmdb

MaxMindDBEnv COUNTRY_CODE COUNTRY_DB/country/iso_code
MaxMindDBEnv CONTINENT_CODE CITY_DB/continent/code

Since I am hosting multiple sites on my server, I added this in a VHOST file in /etc/apache2/sites-available, but you can also use .htaccess files or the main configuration.

The database will also need to be extracted after downloading it. Again, simply use wget to download the database file from maxminds website. Databases are found here: https://dev.maxmind.com/geoip/geoip2/geolite2/

After updating the configuration, remember to restart the server with service apache2 restart

If you did everything correctly, you should now be able to access GEO information via the $_SERVER global in PHP. I.e.:

echo $_SERVER['COUNTRY_CODE']; // Sometimes return unexpected values (I.e. A1|A2|EU|AP)
// See: https://dev.maxmind.com/geoip/legacy/mod_geoip2/ for more information

Knowing if the user is in the EEA

There should be no need to maintain a secondary list of countries in Europe to compare against. Instead, using the city database, we add the following to Apaches configuration:

MaxMindDBEnv CONTINENT_CODE CITY_DB/continent/code

This gives us access to the "CONTINENT_CODE" variable. In PHP this may be accessed via the $_SERVER global:

echo $_SERVER['CONTINENT_CODE'];

This is better than manually comparing the COUNTRY_CODE variable with a list of EU countries, since you do not have to account for unexpected values in the COUNTRY_CODE, such as A1 for proxy servers. All we really care about is the client IP address, regardless if they are using a proxy.

But, again, this might not exactly meet the requirement about getting consent from EU citizens, since we can not reliably tell if someone is a EU citizen based on GEO location.

Links

  1. MaxMind DB Apache Module – github.com
  2. C library for the MaxMind DB file format – github.com
  3. GeoLite2 Free Downloadable Databases – maxmind.com

Comments