ATS 10.0.0, header_rewrite plugin does not work with geoip file (maxmind mmdb)

[Solarisbf]

hello !!

i want to set acl with geoip country.

so, i set header_rewrite plugin configurations about geo.

and i got always same response header below.

i tested this on browser

http://1.201.173.127/cat/cat1.jpg

header result is below.

ats-geo-asn: -1
ats-geo-asn-name: (unknown)
ats-geo-country: (unknown)
ats-geo-country-iso: -1
x-client-ip: 1.201.194.27
x-inbound-ip: 192.168.10.15
x-outbound-ip: 192.168.10.15
x-server-ip: 52.***.***.***  "masking"

my host ip is : 1.201.194.27

thus, expected header result is below

ats-geo-asn: Asia
ats-geo-asn-name: AS
ats-geo-country: South Korea
ats-geo-country-iso: KR

i checked mmdb file is correct

mmdblookup --file /opt/ts/etc/trafficserver/GeoLite2-City.mmdb --ip 1.201.194.27

  {
    "continent":
      {
        "code":
          "AS" <utf8_string>
        "geoname_id":
          6255147 <uint32>
        "names":
          {
            "de":
              "Asien" <utf8_string>
            "en":
              "Asia" <utf8_string>
            "es":
              "Asia" <utf8_string>
            "fr":
              "Asie" <utf8_string>
            "ja":
              "アジア" <utf8_string>
            "pt-BR":
              "Ásia" <utf8_string>
            "ru":
              "Азия" <utf8_string>
            "zh-CN":
              "亚洲" <utf8_string>
          }
      }
    "country":
      {
        "geoname_id":
          1835841 <uint32>
        "iso_code":
          "KR" <utf8_string>
        "names":
          {
            "de":
              "Südkorea" <utf8_string>
            "en":
              "South Korea" <utf8_string>
            "es":
              "Corea del Sur" <utf8_string>
            "fr":
              "Corée du Sud" <utf8_string>
            "ja":
              "大韓民国" <utf8_string>
            "pt-BR":
              "Coreia do Sul" <utf8_string>
            "ru":
              "Республика Корея" <utf8_string>
            "zh-CN":
              "韩国" <utf8_string>
          }
      }
    "location":
      {
        "accuracy_radius":
          200 <uint16>
        "latitude":
          37.511200 <double>
        "longitude":
          126.974100 <double>
        "time_zone":
          "Asia/Seoul" <utf8_string>
      }
    "registered_country":
      {
        "geoname_id":
          1835841 <uint32>
        "iso_code":
          "KR" <utf8_string>
        "names":
          {
            "de":
              "Südkorea" <utf8_string>
            "en":
              "South Korea" <utf8_string>
            "es":
              "Corea del Sur" <utf8_string>
            "fr":
              "Corée du Sud" <utf8_string>
            "ja":
              "大韓民国" <utf8_string>
            "pt-BR":
              "Coreia do Sul" <utf8_string>
            "ru":
              "Республика Корея" <utf8_string>
            "zh-CN":
              "韩国" <utf8_string>
          }
      }
  }

my congurations are below

records.yaml

records:
  http:
    connect_attempts_max_retries: 3
    cache:
      http: 1
      required_headers: 0
      ignore_client_no_cache: 0
      ignore_query: 1
    server_ports: 80 80:ipv6 443:ssl
    normalize_ae: 2
  reverse_proxy:
    enabled: 1
  url_remap:
    pristine_host_hdr: 0
    remap_required: 1
  log:
    logging_enabled: 3
    logfile_dir: var/log/trafficserver
    rolling_enabled: 1
    rolling_interval_sec: 300
    rolling_allow_empty: 1
    rolling_max_count: 10
  ssl:
    client:
      version:
        min: 2
        max: 3
      certification_level: 1
      verify:
        server:
          policy: PERMISSIVE
    server:
      multicert:
        exit_on_load_fail: 0
      cert:
        path: /opt/ts/etc/trafficserver/ssl
      private_key:
        path: /opt/ts/etc/trafficserver/ssl
  diags:
    debug:
      enabled: 1
  output:
    logfile_perm: rwxrwxrwx
    logfile:
      name: traffic.out
      rolling_enabled: 2
      rolling_size_mb: 500
      rolling_min_count: 2

remap.config

** even i set

map http://1.201.173.127 https://jinyong-test-3.s3.ap-northeast-2.amazonaws.com @plugin=compress.so @pparam=compress.config @plugin=header_rewrite.so @pparam=svc/test2222.kinxzone.com/header_rewrite.conf @plugin=conf_remap.so @pparam=svc/test2222.kinxzone.com/conf_remap.yaml

** this point, i did this setting as well but does not work 
........... @plugin=header_rewrite.so @pparam=--geo-db-path=/opt/ts/etc/trafficserver/GeoLite2-City.mmdb @pparam=svc/test2222.kinxzone.com/header_rewrite.conf ...................

plugin.config

header_rewrite.so --geo-db-path=/opt/ts/etc/trafficserver/GeoLite2-City.mmdb

svc/test2222.kinxzone.com/header_rewrite.conf

cond %{REMAP_PSEUDO_HOOK}
set-header X-Kinx-Cdn "LOCAL"

cond %{SEND_REQUEST_HDR_HOOK}
set-header X-Kinx-Cdn "LOCAL"

cond %{READ_RESPONSE_HDR_HOOK} [AND]
cond %{HEADER:Cache-Control} ="" [AND]
cond %{STATUS} >199 [AND]
cond %{STATUS} <400
set-header Cache-Control "max-age=22, public"

cond %{SEND_REQUEST_HDR_HOOK}
set-header Host %{CLIENT-HEADER:Host}
set-header User-Agent %{CLIENT-HEADER:User-Agent}

cond %{SEND_RESPONSE_HDR_HOOK}
set-header name1234 "1234"
set-header name5555 "5555"

cond %{REMAP_PSEUDO_HOOK} [AND]
cond %{HEADER:Content-Type} ="image/bmp" [OR]
cond %{HEADER:Content-Type} ="image/jpeg" [OR]
cond %{HEADER:Content-Type} ="image/gif" [OR]
cond %{HEADER:Content-Type} ="image/png" [OR]
cond %{HEADER:Content-Type} ="video/x-msvideo"
set-header Cache-Control "no-cache"

cond %{SEND_REQUEST_HDR_HOOK}
rm-header Cache-Control

cond %{SEND_RESPONSE_HDR_HOOK}
set-header ATS-Geo-Country %{GEO:COUNTRY}
set-header ATS-Geo-Country-ISO %{GEO:COUNTRY-ISO}
set-header ATS-Geo-ASN %{GEO:ASN}
set-header ATS-Geo-ASN-NAME %{GEO:ASN-NAME}
set-header X-Client-IP %{IP:CLIENT}
set-header X-Inbound-IP %{IP:INBOUND}
set-header X-Server-IP %{IP:SERVER}
set-header X-Outbound-IP %{IP:OUTBOUND}

maybe ATS 10.0.0 does not load mmdb file at all.

please give me any information !

@bneradt @calavera @janfrode @biilmann @jpeach @sekimura @cmcfarlen @bryancall @mlibbey @brbzull0

thanks a lot !

[Solarisbf]

hello !

i am testing header_rewrite acl with geoip (.mmdb file) again and again

but failed always like upside comment.

i checked header_rewrite.so library link as well

root@ats-dev2:/opt/ts/libexec/trafficserver# ldd header_rewrite.so
linux-vdso.so.1 (0x00007ffc336f3000)
libpcre.so.3 => /lib/x86_64-linux-gnu/libpcre.so.3 (0x00007f7415e1e000)
libswoc-1.5.12.so => /opt/ts/lib/libswoc-1.5.12.so (0x00007f7415d93000)
libpcre2-8.so.0 => /lib/x86_64-linux-gnu/libpcre2-8.so.0 (0x00007f7415cfc000)
libcap.so.2 => /lib/x86_64-linux-gnu/libcap.so.2 (0x00007f7415cf1000)
libmaxminddb.so.0 => /lib/x86_64-linux-gnu/libmaxminddb.so.0 (0x00007f7415cea000)
libstdc++.so.6 => /lib/x86_64-linux-gnu/libstdc++.so.6 (0x00007f7415abc000)
libgcc_s.so.1 => /lib/x86_64-linux-gnu/libgcc_s.so.1 (0x00007f7415a9c000)
libc.so.6 => /lib/x86_64-linux-gnu/libc.so.6 (0x00007f7415873000)
/lib64/ld-linux-x86-64.so.2 (0x00007f7415f8e000)
libm.so.6 => /lib/x86_64-linux-gnu/libm.so.6 (0x00007f741578c000)

libmaxminddb.so is linked properly

please give me any information when you guys have time !

thanks a lot !!

[bryancall]

@cmcfarlen is going to see if he can reproduce it.

[Solarisbf]

hello guys

i checked traffic.out log as well

root@ats-dev2:/opt/ts/var/log/trafficserver# cat traffic.out | grep geo
[Oct 21 16:40:24.202] traffic_server DIAG: <header_rewrite.cc:454 (TSRemapNewInstance)> (header_rewrite) Remap geo db /opt/ts/etc/trafficserver/GeoLite2-City.mmdb
[Oct 21 17:04:51.998] traffic_server DIAG: <header_rewrite.cc:454 (TSRemapNewInstance)> (header_rewrite) Remap geo db /opt/ts/etc/trafficserver/GeoLite2-City.mmdb
[Oct 21 17:29:20.162] traffic_server DIAG: <header_rewrite.cc:454 (TSRemapNewInstance)> (header_rewrite) Remap geo db /opt/ts/etc/trafficserver/GeoLite2-City.mmdb
[Oct 22 09:51:24.940] traffic_server DIAG: <header_rewrite.cc:454 (TSRemapNewInstance)> (header_rewrite) Remap geo db /opt/ts/etc/trafficserver/GeoLite2-City.mmdb
[Oct 22 09:51:39.052] [ET_NET 1] DIAG: <conditions_geo_maxmind.cc:66 (get_geo_string)> (header_rewrite) MaxMind not initialized; using default value
[Oct 22 09:51:39.052] [ET_NET 1] DIAG: <conditions_geo_maxmind.cc:131 (get_geo_int)> (header_rewrite) MaxMind not initialized; using default value
[Oct 22 09:51:39.052] [ET_NET 1] DIAG: <conditions_geo_maxmind.cc:131 (get_geo_int)> (header_rewrite) MaxMind not initialized; using default value
[Oct 22 09:51:39.052] [ET_NET 1] DIAG: <conditions_geo_maxmind.cc:66 (get_geo_string)> (header_rewrite) MaxMind not initialized; using default value

traffic.out shows header_rewrite module MaxMind not initialized

so, i checked apache traffic server code ( conditions_geo_maxmind.cc )

mgMaxMindDB is not initialized, so it's nullptr

gMaxMindDB = new MMDB_s;

//////////////////////////////////////////////////////////////////////////////////////////////
// conditions_geo_maxmind.cc: Implementation of the ConditionGeo class based on MaxMindDB
//
//

#include <unistd.h>
#include <arpa/inet.h>

#include "ts/ts.h"

#include "conditions_geo.h"

#include <maxminddb.h>

MMDB_s *gMaxMindDB = nullptr;

void
MMConditionGeo::initLibrary(const std::string &path)
{
  if (path.empty()) {
    Dbg(pi_dbg_ctl, "Empty MaxMind db path specified. Not initializing!");
    return;
  }

  if (gMaxMindDB != nullptr) {
    Dbg(pi_dbg_ctl, "Maxmind library already initialized");
    return;
  }

  gMaxMindDB = new MMDB_s;

  int status = MMDB_open(path.c_str(), MMDB_MODE_MMAP, gMaxMindDB);
  if (MMDB_SUCCESS != status) {
    Dbg(pi_dbg_ctl, "Cannot open %s - %s", path.c_str(), MMDB_strerror(status));
    delete gMaxMindDB;
    return;
  }
  Dbg(pi_dbg_ctl, "Loaded %s", path.c_str());
}

std::string
MMConditionGeo::get_geo_string(const sockaddr *addr) const
{
  std::string ret = "(unknown)";
  int         mmdb_error;

  if (gMaxMindDB == nullptr) {
    Dbg(pi_dbg_ctl, "MaxMind not initialized; using default value");
    return ret;
  }

  MMDB_lookup_result_s result = MMDB_lookup_sockaddr(gMaxMindDB, addr, &mmdb_error);

  if (MMDB_SUCCESS != mmdb_error) {
    Dbg(pi_dbg_ctl, "Error during sockaddr lookup: %s", MMDB_strerror(mmdb_error));
    return ret;
  }

  MMDB_entry_data_list_s *entry_data_list = nullptr;
  if (!result.found_entry) {
    Dbg(pi_dbg_ctl, "No entry for this IP was found");
    return ret;
  }

  int status = MMDB_get_entry_data_list(&result.entry, &entry_data_list);
  if (MMDB_SUCCESS != status) {
    Dbg(pi_dbg_ctl, "Error looking up entry data: %s", MMDB_strerror(status));
    return ret;
  }

  if (entry_data_list == nullptr) {
    Dbg(pi_dbg_ctl, "No data found");
    return ret;
  }

  const char *field_name;
  switch (_geo_qual) {
  case GEO_QUAL_COUNTRY:
    field_name = "country_code";
    break;
  case GEO_QUAL_ASN_NAME:
    field_name = "autonomous_system_organization";
    break;
  default:
    Dbg(pi_dbg_ctl, "Unsupported field %d", _geo_qual);
    return ret;
    break;
  }

  MMDB_entry_data_s entry_data;

  status = MMDB_get_value(&result.entry, &entry_data, field_name, NULL);
  if (MMDB_SUCCESS != status) {
    Dbg(pi_dbg_ctl, "ERROR on get value asn value: %s", MMDB_strerror(status));
    return ret;
  }
  ret = std::string(entry_data.utf8_string, entry_data.data_size);

  if (nullptr != entry_data_list) {
    MMDB_free_entry_data_list(entry_data_list);
  }

  return ret;
}

int64_t
MMConditionGeo::get_geo_int(const sockaddr *addr) const
{
  int64_t ret = -1;
  int     mmdb_error;

  if (gMaxMindDB == nullptr) {
    Dbg(pi_dbg_ctl, "MaxMind not initialized; using default value");
    return ret;
  }

  MMDB_lookup_result_s result = MMDB_lookup_sockaddr(gMaxMindDB, addr, &mmdb_error);

  if (MMDB_SUCCESS != mmdb_error) {
    Dbg(pi_dbg_ctl, "Error during sockaddr lookup: %s", MMDB_strerror(mmdb_error));
    return ret;
  }

  MMDB_entry_data_list_s *entry_data_list = nullptr;
  if (!result.found_entry) {
    Dbg(pi_dbg_ctl, "No entry for this IP was found");
    return ret;
  }

  int status = MMDB_get_entry_data_list(&result.entry, &entry_data_list);
  if (MMDB_SUCCESS != status) {
    Dbg(pi_dbg_ctl, "Error looking up entry data: %s", MMDB_strerror(status));
    return ret;
  }

  if (entry_data_list == nullptr) {
    Dbg(pi_dbg_ctl, "No data found");
    return ret;
  }

  const char *field_name;
  switch (_geo_qual) {
  case GEO_QUAL_ASN:
    field_name = "autonomous_system_number";
    break;
  default:
    Dbg(pi_dbg_ctl, "Unsupported field %d", _geo_qual);
    return ret;
    break;
  }

  MMDB_entry_data_s entry_data;

  status = MMDB_get_value(&result.entry, &entry_data, field_name, NULL);
  if (MMDB_SUCCESS != status) {
    Dbg(pi_dbg_ctl, "ERROR on get value asn value: %s", MMDB_strerror(status));
    return ret;
  }
  ret = entry_data.uint32;

  if (nullptr != entry_data_list) {
    MMDB_free_entry_data_list(entry_data_list);
  }

  return ret;
}

trafficserver/plugins/header_rewrite/CMakeLists.txt code is below

maybe TS_USE_HRW_MAXMINDDB is NOT 1

if(maxminddb_FOUND)
  target_compile_definitions(header_rewrite PUBLIC TS_USE_HRW_MAXMINDDB=1)
  target_sources(header_rewrite PRIVATE conditions_geo_maxmind.cc)
  target_link_libraries(header_rewrite PRIVATE maxminddb::maxminddb)
endif()

header_rewrite.cc code is below

So, MMConditionGeo::initLibrary(dbPath) is not compiled maybe ?

static void
initHRWLibraries(const std::string &dbPath)
{
  header_rewrite_ns::plugin_factory.setRuntimeDir(RecConfigReadRuntimeDir()).addSearchDir(RecConfigReadPluginDir());

  if (dbPath.empty()) {
    return;
  }

  Dbg(pi_dbg_ctl, "Loading geo db %s", dbPath.c_str());

#if TS_USE_HRW_GEOIP
  GeoIPConditionGeo::initLibrary(dbPath);
#elif TS_USE_HRW_MAXMINDDB
  MMConditionGeo::initLibrary(dbPath);
#endif
}

AND i checked header_rewrite Makefile

root@ats-dev2:/usr/local/trafficserver/build/plugins/header_rewrite# vim Makefile
        @echo "... test"
        @echo "... header_rewrite"
        @echo "... header_rewrite_parser"
        @echo "... test_header_rewrite"
        @echo "... condition.o"
        @echo "... condition.i"
        @echo "... condition.s"
        @echo "... conditions.o"
        @echo "... conditions.i"
        @echo "... conditions.s"
        @echo "... conditions_geo_maxmind.o"
        @echo "... conditions_geo_maxmind.i"
        @echo "... conditions_geo_maxmind.s"
        @echo "... factory.o"
        @echo "... factory.i"
        @echo "... factory.s"
        @echo "... header_rewrite.o"
        @echo "... header_rewrite.i"
        @echo "... header_rewrite.s"
        @echo "... header_rewrite_test.o"
        @echo "... header_rewrite_test.i"
        @echo "... header_rewrite_test.s"
.............

there is conditions_geo_maxmind, NOT conditions_geo_geoip !!!

### Thus, my expectation is that ATS 10.0.0 does not load maxmind geoip database file or could not find libmaxminddb

** i checked whether libmaxminddb-dev exists or not

root@ats-dev2:/opt/ts/var/log/trafficserver# dpkg -l | grep maxmind
ii  libmaxminddb-dev:amd64             1.5.2-1build2                           amd64        IP geolocation database library (development headers)
ii  libmaxminddb0:amd64                1.5.2-1build2                           amd64        IP geolocation database library

** ats host os is ubuntu 22.04

root@ats-dev2:/opt/ts/libexec/trafficserver# cat /etc/issue
Ubuntu 22.04.4 LTS \n \l

---

waiting for ATS TEAM Support !!

thanks a lot !

[Solarisbf]

hello ATS Team !

i set header_rewrite option --geo-db-path on plugin.config for global setting

root@ats-dev2:/opt/ts/etc/trafficserver# cat plugin.config
xdebug.so --enable=x-remap,x-cache
regex_revalidate.so -c regex_revalidate.config -l rr_log -f rr_state
header_rewrite.so --geo-db-path=dbip-country-lite-2024-10.mmdb

traffic.out

[Oct 24 14:19:25.400] traffic_server DIAG: <header_rewrite.cc:367 (TSPluginInit)> (header_rewrite) Global geo db /opt/ts/etc/trafficserver/dbip-country-lite-2024-10.mmdb
[Oct 24 14:19:25.400] traffic_server DIAG: <header_rewrite.cc:59 (initHRWLibraries)> (header_rewrite) Loading geo db /opt/ts/etc/trafficserver/dbip-country-lite-2024-10.mmdb
[Oct 24 14:19:25.400] traffic_server DIAG: <conditions_geo_maxmind.cc:56 (initLibrary)> (header_rewrite) Loaded /opt/ts/etc/trafficserver/dbip-country-lite-2024-10.mmdb
[Oct 24 14:19:54.377] [ET_NET 1] DIAG: <conditions_geo_maxmind.cc:66 (get_geo_string)> (header_rewrite) MaxMind not initialized; using default value
[Oct 24 14:19:54.825] [ET_NET 1] DIAG: <conditions_geo_maxmind.cc:66 (get_geo_string)> (header_rewrite) MaxMind not initialized; using default value

same maxmind not initialized.

thanks a lot

[mkrug1981]

I was wondering if there is any update? Right now ATS9.2.x we are using Header_Rewrite to create an internal header with client BGP ASN which is finally logged. The usage of Header_Rewrite GEO function is per remap line and works fearlessly in ATS9. We are planning migration to ATS10 but for some reason the maxmind DB is not loaded by using it as remap. After some testing it is working if used as global plugin

via ldd I can see the maxmind lib is linked

# ldd /opt/trafficserver/libexec/trafficserver/header_rewrite.so
        linux-vdso.so.1 (0x00007fffd8542000)
        libdl.so.2 => /lib64/libdl.so.2 (0x00007f87fb57d000)
        libpcre.so.1 => /lib64/libpcre.so.1 (0x00007f87fb30c000)
        libcrypto.so.1.1 => /lib64/libcrypto.so.1.1 (0x00007f87fae21000)
        libresolv.so.2 => /lib64/libresolv.so.2 (0x00007f87fac09000)
        libswoc-1.5.12.so => /opt/trafficserver/lib/libswoc-1.5.12.so (0x00007f87fb8e8000)
        libyaml-cpp.so.0.8 => /opt/trafficserver/lib/libyaml-cpp.so.0.8 (0x00007f87fb860000)
        libjemalloc.so.2 => /lib64/libjemalloc.so.2 (0x00007f87fa76a000)
        libpcre2-8.so.0 => /lib64/libpcre2-8.so.0 (0x00007f87fa4e6000)
        libcap.so.2 => /lib64/libcap.so.2 (0x00007f87fa2de000)
        libhwloc.so.15 => /lib64/libhwloc.so.15 (0x00007f87fa08e000)
        libmaxminddb.so.0 => /lib64/libmaxminddb.so.0 (0x00007f87f9e88000)
        libstdc++.so.6 => /lib64/libstdc++.so.6 (0x00007f87f9af3000)
        libm.so.6 => /lib64/libm.so.6 (0x00007f87f9771000)
        libgcc_s.so.1 => /lib64/libgcc_s.so.1 (0x00007f87f9559000)
        libpthread.so.0 => /lib64/libpthread.so.0 (0x00007f87f9339000)
        libc.so.6 => /lib64/libc.so.6 (0x00007f87f8f63000)
        /lib64/ld-linux-x86-64.so.2 (0x00007f87fb781000)
        libz.so.1 => /lib64/libz.so.1 (0x00007f87f8d4b000)

Header_Rewrite with maxmind as global plugin
 - as we can see the mmdb is Loading and Loaded finally

# cat plugin.config | tail -n1
header_rewrite.so --geo-db-path=/opt/trafficserver/etc/trafficserver/GeoIP2-ISP.mmdb /opt/trafficserver/etc/trafficserver/hdr_global_config.conf

# grep mmdb /opt/trafficserver/var/log/trafficserver/traffic.out 
[Mar 24 07:41:17.681] traffic_server DIAG: <header_rewrite.cc:367 (TSPluginInit)> (header_rewrite) Global geo db /opt/trafficserver/etc/trafficserver/GeoIP2-ISP.mmdb
[Mar 24 07:41:17.681] traffic_server DIAG: <header_rewrite.cc:59 (initHRWLibraries)> (header_rewrite) Loading geo db /opt/trafficserver/etc/trafficserver/GeoIP2-ISP.mmdb
[Mar 24 07:41:17.689] traffic_server DIAG: <conditions_geo_maxmind.cc:56 (initLibrary)> (header_rewrite) Loaded /opt/trafficserver/etc/trafficserver/GeoIP2-ISP.mmdb

Header_Rewrite with maxmind as remap plugin
- for some reason on remap the Geo DB is NOT loaded

# cat remap.config 
map https://edge.example.com/ http://origin.example.com/ @plugin=header_rewrite.so @pparam=--geo-db-path=/opt/trafficserver/etc/trafficserver/GeoIP2-ISP.mmdb 

# grep mmdb /opt/trafficserver/var/log/trafficserver/traffic.out 
[Mar 24 07:41:21.448] traffic_server DIAG: <header_rewrite.cc:454 (TSRemapNewInstance)> (header_rewrite) Remap geo db /opt/trafficserver/etc/trafficserver/GeoIP2-ISP.mmdb

[cmcfarlen]

Is it possible to get the mmdb file you are using for your test? Is it a public one? I downloaded one from the internet and it has a different structure than what ATS is querying.

I do see there could be a problem with the query and the loading, but trying to narrow it down and reproduce it.

[cmcfarlen]

#12126 is a partial fix for this. There is still the issue with the structure of the mmdb file matching what header_rewrite expects. This will be fixed in a subsequent PR.

[Solarisbf]

hello @cmcfarlen ,

sorry for replying late.

i downloaded mmdb file from this link https://github.com/P3TERX/GeoLite.mmdb

or here https://archive.org/download/dbip-country-lite

i downloaded GeoLite2-Country.mmdb & GeoLite2-City.mmdb

thanks for fixing this issue.

thanks a lot @cmcfarlen !!!

[bryancall]

There were two bugs here, both now fixed:

1. Remap plugin loading (fixed in #12126): The std::call_once for initHRWLibraries was outside the if block that checks for --geo-db-path, so when header_rewrite was used as a remap plugin, the library init was called with an empty path and then skipped on subsequent calls. This was fixed by @cmcfarlen in #12126 (merged March 2025).

2. Incorrect MMDB field paths (fixed in #12948): The MaxMind lookup code used flat field names that don't match the structure of standard GeoLite2/DBIP mmdb databases:

• GEO_QUAL_COUNTRY queried "country_code" — but the correct path is "country" -> "iso_code" (returns "KR", "US", etc., matching the legacy GeoIP backend)
• GEO_QUAL_COUNTRY_ISO was completely missing from get_geo_string()
• Unnecessary MMDB_get_entry_data_list() allocation was removed — MMDB_get_value() operates directly on the entry
• gMaxMindDB wasn't set to nullptr after delete on open failure, preventing retry

Verified the fix with DBIP Country Lite and ASN Lite databases:

$ ./test_mmdb dbip-country-lite.mmdb 1.201.194.27
COUNTRY: KR
COUNTRY-ISO: KR

$ ./test_mmdb dbip-asn-lite.mmdb 1.201.194.27
ASN-NAME: KINX
ASN: 9286

The field paths now match what the maxmind_acl plugin uses (which works correctly). A unit test was also added that validates the MMDB lookup paths when a database file is available.

Note: %{GEO:COUNTRY-ISO} is currently typed as an integer in the header_rewrite dispatcher (inherited from the old GeoIP backend where it returned a numeric country ID). With MaxMind, the ISO code is a string ("KR"), so using set-header with %{GEO:COUNTRY-ISO} will return the numeric geoname_id rather than the ISO string. Use %{GEO:COUNTRY} for the ISO country code. This int/string typing issue is a pre-existing design limitation that could be addressed separately.