Nginx + GeoIP: blocking users from specific countries
Using the GeoIP module for Nginx which allows to block users from different countries
To limit access to the site to users from certain countries using the Nginx web server, you can use the GeoIP module.
Install the necessary packages on the system:
Debian/Ubuntu
sudo apt-get install nginx-module-geoip
CentOS
yum install nginx-module-geoip
Update the GeoIP base to the current version:
# mv /usr/share/GeoIP/GeoIP.dat /usr/share/GeoIP/GeoIP.dat_bak
# cd /usr/share/GeoIP/
# wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
# gunzip GeoIP.dat.gz
Now, with command nginx -V, make sure that our web-server is built with parameter --with-http_geoip_module If not - proceed to build Nginx modules
In the directory with configuration files of the Nginx web-server create the file block.map.include with the following content:
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default yes;
CN no;
VN no; VN no;
TW no;
}
In this example, we deny access to the site to users from China, Vietnam and Taiwan.
To allow only users from certain countries to use the site, edit the configuration file as follows:
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default no;
RU yes;
UA yes;
}
Now the site will only be available to users from Russia and Ukraine.
In the configuration file /etc/nginx/nginx.conf in the http section add the following line:
include include/block.map.include;
Then in the host settings (server section) insert the following construction:
if ($allowed_country = no) {
return 404;
}
Apply the changes:
# nginx -s reload