# App Logwebmin
Aplikasi ini adalah hasil pengembangan mandiri Dinas Kominfo Bartim untuk memonitoring dan memblokir aktivitas client yang mencurigakan pada server webmin (server apache).
[](https://dokumen.baritotimurkab.go.id/uploads/images/gallery/2025-05/C5jx2dzf6eHZWzIq-image.png)
[](https://dokumen.baritotimurkab.go.id/uploads/images/gallery/2025-05/8i8cKmlIzcEyqXHL-image.png)
**Apikasi ini telah diinstall pada server Apache dengan spesifikasi:**
1. CPU 8x Intel(R) Xeon(R) Bronze 3206R CPU @ 1.90GHz (1 Socket)
2. RAM 32 GB
3. HDD 100GB
4. OS Linux Mint 20.2
Aplikasi dapat diunduh pada link [**Cloud Repositori Bartim**.](https://drive.baritotimurkab.go.id/index.php/s/3FPMdLWejnB6HW5)
**Petunjuk Instalasi:**
1\. Upload file aplikasi pada /var/www/html/logwebmin
2\. Buat konfigurasi virtual domain pada /etc/apache2/sites-available/000-default.conf
<VirtualHost \*:80>
ServerName log6.baritotimurkab.go.id
DocumentRoot /var/www/html/logwebmin/public
RewriteEngine on
DocumentRoot /var/www/html/logwebmin/public
RewriteCond %{SERVER\_NAME} =www.log6.baritotimurkab.go.id \[OR\]
RewriteCond %{SERVER\_NAME} =log6.baritotimurkab.go.id
RewriteRule ^ https://%{SERVER\_NAME}%{REQUEST\_URI} \[END,NE,R=permanent\]
</VirtualHost>
3\. Buat ssl dengan letsencrypt
4\. Buat konfigurasi virtual domain ssl pada /etc/apache2/sites-available/default-ssl.conf
<IfModule mod\_ssl.c>
<VirtualHost \*:443>
ServerName log6.baritotimurkab.go.id
DocumentRoot /var/www/html/logwebmin/public
SSLEngine on
SSLCertificateFile /etc/letsencrypt/live/log6.baritotimurkab.go.id/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/log6.baritotimurkab.go.id/privkey.pem
Include /etc/letsencrypt/options-ssl-apache.conf
ErrorLog ${APACHE\_LOG\_DIR}/logwebmin\_error.log
CustomLog ${APACHE\_LOG\_DIR}/logwebmin\_access.log combined
</VirtualHost>
</IfModule>
5. Buat inisiasi fitur socket
**nano /etc/systemd/system/ipblock.service**
isi:
\[Unit\]
Description=IP Blocking Service
Requires=ipblock.socket
\[Service\]
Type=simple
ExecStart=/usr/local/bin/ipblock-daemon
User=www-data
Group=www-data
Restart=always
RestartSec=5
Environment="SOCKET\_PATH=/var/www/html/logwebmin/storage/sockets/ipblock.sock"
\[Install\]
WantedBy=multi-user.target
**nano /etc/systemd/system/ipblock.socket**
isi:
\[Unit\]
Description=IP Blocking Socket
\[Socket\]
ListenStream=/var/www/html/logwebmin/storage/sockets/ipblock.sock
SocketUser=www-data
SocketGroup=www-data
SocketMode=0660
\[Install\]
WantedBy=sockets.target
**nano /usr/local/bin/ipblock-daemon** (berikan permissions 0755 dan ownership www-data)
isi:
\#!/usr/bin/python3
import socket
import os
import subprocess
import re
SOCKET\_PATH = '/var/www/html/logwebmin/storage/sockets/ipblock.sock'
\# Setup socket directory
os.makedirs(os.path.dirname(SOCKET\_PATH), exist\_ok=True)
\# Remove old socket if exists
try:
os.unlink(SOCKET\_PATH)
except FileNotFoundError:
pass
\# Create and bind socket
sock = socket.socket(socket.AF\_UNIX, socket.SOCK\_STREAM)
sock.bind(SOCKET\_PATH)
sock.listen(1)
os.chmod(SOCKET\_PATH, 0o660)
os.chown(SOCKET\_PATH, 33, 33) # www-data user and group ID
def validate\_ip(ip):
"""Validate IPv4 address format"""
pattern = r'^(25\[0-5\]|2\[0-4\]\[0-9\]|\[01\]?\[0-9\]\[0-9\]?)\\.(25\[0-5\]|2\[0-4\]\[0-9\]|\[01\]?\[0-9\]\[0-9\]?)\\.(25\[0-5\]|2\[0-4\]\[0-9\]|\[01\]?\[0-9\]\[0-9\]?)\\.(25\[0-5\]|2\[0-4\]\[0-9\]|\[01\]?\[0-9\]\[0-9\]?)$'
return re.match(pattern, ip) is not None
while True:
conn, \_ = sock.accept()
try:
data = conn.recv(1024).decode().strip()
if not data:
continue
# Handle unblock command
if data.startswith('unblock:'):
ip = data.split(':')\[1\]
if validate\_ip(ip):
try:
subprocess.run(\['sudo', '/usr/local/bin/unblock-ip.sh', ip\], check=True)
conn.send(b"OK")
except subprocess.CalledProcessError as e:
conn.send(f"ERROR: Unblock failed - {str(e)}".encode())
else:
conn.send(b"ERROR: Invalid IP format for unblock")
# Handle block command (original functionality)
else:
ip = data
if validate\_ip(ip):
try:
subprocess.run(\['sudo', '/usr/local/bin/block-ip.sh', ip\], check=True)
conn.send(b"OK")
except subprocess.CalledProcessError as e:
conn.send(f"ERROR: Block failed - {str(e)}".encode())
else:
conn.send(b"ERROR: Invalid IP format for block")
except Exception as e:
conn.send(f"ERROR: Server error - {str(e)}".encode())
finally:
conn.close()
**nano /usr/local/bin/block-ip.sh**
isi:
\#!/bin/bash
IP=$1
iptables -A INPUT -s $IP -j DROP
**nano /usr/local/bin/unblock-ip.sh**
isi:
\#!/bin/bash
IP=$1
iptables -D INPUT -s $IP -j DROP
6\. Berikan akses www-data untuk menjalankan shell block-ip.sh dan unblock-ip.sh
**nano /etc/sudoers**
isi:
\#
\# This file MUST be edited with the 'visudo' command as root.
\#
\# Please consider adding local content in /etc/sudoers.d/ instead of
\# directly modifying this file.
\#
\# See the man page for details on how to write a sudoers file.
\#
Defaults env\_reset
Defaults mail\_badpass
Defaults secure\_path="/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/snap/bin"
\# Host alias specification
\# User alias specification
\# Cmnd alias specification
\# User privilege specification
root ALL=(ALL:ALL) ALL
\# Members of the admin group may gain root privileges
%admin ALL=(ALL) ALL
\# Allow members of group sudo to execute any command
%sudo ALL=(ALL:ALL) ALL
\# See sudoers(5) for more information on "#include" directives:
\#includedir /etc/sudoers.d
**\#fungsi tambahan blokir lewa app logwebmin**
www-data ALL=(ALL) NOPASSWD: /usr/local/bin/block-ip.sh
www-data ALL=(ALL) NOPASSWD: /usr/local/bin/unblock-ip.sh
7\. Jalankan service daemon
**sudo systemctl daemon-reload**
**sudo systemctl restart ipblock.socket ipblock.service**
**sudo systemctl enable ipblock.socket**
8\. Verifikasi service
**sudo systemctl status ipblock.service**
**journalctl -u ipblock.service -f**
9\. Pastikan anda telah mendaftar akun pada [https://www.maxmind.com/](https://www.maxmind.com/)
untuk mendapatkan license-key seperti pada contoh berikut:
[](https://dokumen.baritotimurkab.go.id/uploads/images/gallery/2025-05/O0KaS8oNtVVvEDcA-image.png)
agar dapat diinisiasikan pada .env
[](https://dokumen.baritotimurkab.go.id/uploads/images/gallery/2025-05/y4jcCgQRkdV15syq-image.png)