From 72364492237b94c4abaa29a735cf05295381248e Mon Sep 17 00:00:00 2001
From: CyberMind-FR <gandalf@Gk2.net>
Date: Sun, 1 Feb 2026 05:30:46 +0100
Subject: [PATCH] fix(mitmproxy): Use container-relative path for GeoIP
 database

The mitmproxy container mounts /srv/mitmproxy as /data, so the GeoIP
database path must use /data/GeoLite2-Country.mmdb for the addon to
find it. This enables proper country detection for external IPs in
threat logs, allowing CrowdSec SSRF scenarios to correctly identify
and ban foreign attackers.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
---
 .../root/srv/mitmproxy/addons/secubox_analytics.py              | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/package/secubox/secubox-app-mitmproxy/root/srv/mitmproxy/addons/secubox_analytics.py b/package/secubox/secubox-app-mitmproxy/root/srv/mitmproxy/addons/secubox_analytics.py
index 893ee832..b27c9640 100644
--- a/package/secubox/secubox-app-mitmproxy/root/srv/mitmproxy/addons/secubox_analytics.py
+++ b/package/secubox/secubox-app-mitmproxy/root/srv/mitmproxy/addons/secubox_analytics.py
@@ -17,7 +17,7 @@ from mitmproxy import http, ctx
 from pathlib import Path
 
 # GeoIP database path (MaxMind GeoLite2)
-GEOIP_DB = "/srv/mitmproxy/GeoLite2-Country.mmdb"
+GEOIP_DB = "/data/GeoLite2-Country.mmdb"
 LOG_FILE = "/var/log/secubox-access.log"
 # CrowdSec log - uses /data which is bind-mounted to /srv/mitmproxy on host
 # This allows CrowdSec on the host to read threat logs from the container