CentOS

CentOS 7.6 why do hosts.deny and hosts.allow behave like this?

Axis CentOS 7.6
The task is to allow any connections to the server only from the specified countries.
What I did: I registered it in the
file and there are no more rules there . I registered it in the file and there are no more records there either. The file contains this:hosts.denyALL: ALL
hosts.allowALL: ALL: spawn /opt/geoip.sh %a
/opt/geoip.sh

#!/bin/bash

# UPPERCASE space-separated country codes to ACCEPT
ALLOW_COUNTRIES="RU UA"

if [ $# -ne 1 ]; then
  echo "Usage:  `basename $0` <ip>" 1>&2
  exit 0 # return true in case of config issue
fi

COUNTRY=`/usr/bin/geoiplookup $1 | awk -F ": " '{ print $2 }' | awk -F "," '{ print $1 }' | head -n 1`

 && RESPONSE="ALLOW" || RESPONSE="DENY"

if [ $RESPONSE = "ALLOW" ]
then
  logger "$RESPONSE connection from $1 ($COUNTRY)"
  exit 0
else
  logger "$RESPONSE connection from $1 ($COUNTRY)"
  exit 1
fi

As a result, I have: when connecting via ssh, a connection is written to the log, the country and everything works as it should.
When connecting to a web server on port 80 or 443, there are no entries in the log and no prohibitions, as if there were no rules. What am I doing wrong?