How to block visitors from a country on NGINX [ with GeoIP Module ]

By: Sunil Kumar |  In: Server  |  Last Updated: 2018/12/01

Sometimes you are running a website which has a local scope and no reason to explore the site to worldwide or you are having a lot of suspicious traffic from a particular country and you want to block that entire country from accessing your site or for any other reason you want to block a country/countries.

In this guide, we will be learning How to block a user in Nginx from a country with help of GeoIP module.

#1. Installing the GeoIP module

Nginx must be installed with HttpGeoIpModule. You can check if your Nginx is compiled with HttpGeoipModule using-

nginx -V

if you see –with-http_geoip_module in the output of the above command you can proceed.

#2. Downloading and Installing GeoIP Database

We need to install maxmind’s GeoIP database –

sudo apt-get install geoip-database libgeoip1

This will place the GeoIp database at – /usr/share/GeoIP/GeoIP.dat

#3. Configure Nginx for blocking

Now we have a database of all the IP ranges of all the countries. Nginx will use this database to recognize the user IP and get the country of that IP from GeoIp database and take the action accordingly.

open Nginx configuration file-

sudo nano /etc/nginx/nginx.conf

and place the following code at the start of http block

   geoip_country /usr/share/GeoIP/GeoIP.dat;
   map $geoip_country_code $allowed_country {
       default yes;
       PK no;
       AU no;
   }

In this code will are setting a variable allowed_country which will be used to allow all the country except Pakistan and Australia(PK-Pakistan, AU-Australia) to access your site.

You can see a list of all the country codes here.

You can do it other way around i.e. block all countries and allow a few –

   geoip_country /usr/share/GeoIP/GeoIP.dat;
   map $geoip_country_code $allowed_country {
       default no;
       IN yes;
       US yes;
   }

this will block all the countries except India and USA.

Now to apply these rules open your website server block file and place the following code inside server block

 if ($allowed_country = no) {
        return 444;
 }

This will return a 444 HTTP error code for a blocked country. You can set other HTTP status code(404-not found or 403- access denied ) as well.

#4. Reload/Restart Nginx

Now you need to reload or restart Nginx server to apply the changes.

sudo service nginx reload

or

sudo service nginx restart

That’s it.

Now user from blocked countries will not be able to access your website. You can add or remove any country in the list. Just add the country and reload the Nginx server.

Comments


Leave a Comment

Your email address will not be published.

*


Sunil Kumar


I am the owner of acmeextension. I am a passionate writter and reader. I like writting technical stuff and simplifying complex stuff.
Know More

Join more than 10,000 others Web Developers


%d bloggers like this: