1) Download the Geo2ip lite database:

# curl -Lo /usr/share/GeoIP/GeoLiteCountry.dat.gz https://dl.miyuru.lk/geoip/dbip/country/dbip4.dat.gz

Or download some other DB files from:

GeoIP Legacy Databases

Or, a paid one from Maxmind.

Note: 1) The IP Data Base file should be updated once in a month (/a while) as IPs are transferred between ISPs in various countries. The Maxmind file updates about once a month.
Note: 2) The Maxmind file FORMAT is expected to be change on May 2022. If not updating to a newer ModSecurity suitable module, the near future (from May 2022) Maxmind file should be converted to the legacy used file format. On December 2021, it downloads as file.dat.gz, so note the two file formats in the file name, before its uncompressed.

2) uncompress the file (Converted the zip *.gz file to a *.dat file):

# gunzip /usr/share/GeoIP/GeoLiteCountry.dat.gz

3) Uploaded the COUNTRY file to:

# /usr/share/GeoIP/GeoLiteCountry.dat

Such feature may be achieved using ModSecurity GeoIP module on Plesk.

Below is a full guidance:

ModSecurity Blocking Countries Guidance

1) Download the Geo2ip lite database:

# curl -Lo /usr/share/GeoIP/GeoLiteCountry.dat.gz https://dl.miyuru.lk/geoip/dbip/country/dbip4.dat.gz

Or download some other DB files from:

GeoIP Legacy Databases

Or, a paid one from Maxmind.

Note: 1) The IP Data Base file should be updated once in a month (/a while) as IPs are transferred between ISPs in various countries. The Maxmind file updates about once a month.
Note: 2) The Maxmind file FORMAT is expected to be change on May 2022. If not updating to a newer ModSecurity suitable module, the near future (from May 2022) Maxmind file should be converted to the legacy used file format. On December 2021, it downloads as file.dat.gz, so note the two file formats in the file name, before its uncompressed.

2) uncompress the file (Converted the zip *.gz file to a *.dat file):

# gunzip /usr/share/GeoIP/GeoLiteCountry.dat.gz

3) Uploaded the COUNTRY file to:

# /usr/share/GeoIP/GeoLiteCountry.dat

4) Enable GeoIP in a file according to which ModSecurity Rule set is used:

For OWASP:
# vi /etc/apache2/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/10-crs-setup.conf

un-commented the following line:
SecGeoLookupDB /usr/share/GeoIP/GeoLiteCountry.dat

5) Manually Create a ModSecurity rule

Using OWASP:
# touch /etc/apache2/modsecurity.d/rules/owasp_modsecurity_crs_3-plesk/country_block.conf
Using COMODO:
# touch /etc/apache2/modsecurity.d/rules/comodo_free/country_block.conf

Place the rule in the just created file:

SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:99999932392,drop,log,msg:'Blocking %{geo.country_code}'"

SecRule GEO:COUNTRY_CODE "@pm XX XX XX"

Note: "XX" are to be replaced with the actual country codes.
Also rule id (in the above example - "99999932392") should be unique, otherwise, the apache2 service wouldn't

Country two charts ISO code list is available here:

ISO 3166-1 alpha-2 - Wikipedia

You may copy country code already set in one line, from the below example, blocking all countries, but not USA, Canada, Russia, most Western European countries, and Israel.

SecRule REMOTE_ADDR "@geoLookup" "phase:1,chain,id:99999932392,drop,log,msg:'Blocking %{geo.country_code}'"

SecRule GEO:COUNTRY_CODE " @pm AF AG AI AL AM AO AQ AR AS AW AX AZ BA BB BD BF BG BH BI BJ BL BM BN BO BQ BR BS BT BV BW BY BZ CC CD CF CG CI CK CL CM CN CO CR CU CV CW CX CZ DJ DM DO DZ EC EE EG EH ER ET FJ FK FM FO GA GD GE GF GG GH GI GL GM GN GP GQ GS GT GU GW GY HK HM HN HR HT HU ID IE IM IN IO IQ IR JE JM JO KE KG KH KI KM KN KP KR KW KY KZ LA LB LC LK LR LS LY MA MD ME MF MG MH MK ML MM MN MO MP MQ MR MS MT MU MV MW MX MY MZ NA NC NE NF NG NI NP NR NU OM PA PE PF PG PH PK PL PM PN PR PS PT PW PY QA RE RO RS RW SA SB SC SD SG SH SI SJ SK SL SN SO SR SS ST SV SX SY SZ TC TD TF TG TH TJ TK TL TM TN TO TR TT TV TW TZ UA UG UM UY UZ VA VC VE VG VI VN VU WF WS XK YE YT ZA ZM ZW"

6) Test server configuration and fix before restart if needed:

# apachectl configtest

7) Restart the server, to make sure the new configuration takes place:

# systemctl restart apache2

8) Test the blocking happens.

You may use mobile phone Opera browser that has a built-in VPN, allowing to choose Asia/Europe/America as a location.

Choose Asia, which in my case used Singapore IP. Set Opera to also include VPN for search results.
Then, check on the mobile Opera is set for Asia, on Google:

“What is my IP?”

And copy the IP to check it’s indeed in Asia, on a service as (replace the 8.8.8.8 IP with the one you got):

8.8.8.8 IP Address Details - IPInfo.io

Now, access your website. You may get on the browser client a ‘502’ error on the browser. Log file will look something like:

2021-mm-dd 12:51:40 Error 77.111.245.12 403 GET / HTTP/1.0 5.00 K Apache SSL/TLS access
2021-mm-dd 12:51:40 Error 77.111.245.12 [client 77.111.245.12] ModSecurity: Access denied with connection close (phase 1). Matched phrase "SG" at GEO:COUNTRY_CODE. [file "/etc/apache2/modsecurity.d/rules/comodo_free/country_block.conf"] [line "1"] [id "99999932392"] [msg "Blocking SG"] [hostname "currenge.com"] [uri "/"] [unique_id "Ya88vB9V-Qu@vxwlDnpcQwAAAAA"] Apache error
2021-mm-dd 12:51:40 Error 77.111.245.12 62778#0: *180 upstream prematurely closed connection while reading response header from upstream nginx error

** See more recommendations in the attached PDF file **

...need block by country option for yesterday!!!

Plus

all great, but first server by default in plesk now nginx.

Implement http://dev.maxmind.com/geoip/legacy/mod_geoip2/ for blocking / allowing countries explicitely and not to use a huge and slow .htaccess for ip-ranges.

Yes, correct

Yes, correct