Nginx Block Countries Using GeoIP Modules

Nginx block countries using GeoIP modules. Fortunately using EasyEngine installation, nginx is already installed with -with-http_geoip_module option. You can check with this command

nginx -V 2>&1 | grep -- 'http_geoip_module'

The IP database is also already downloaded on /usr/share/GeoIP/GeoIP.dat

1. Map and Declare $allowed_country Variable

This means the only steps we need to do is create a conf file inside /etc/nginx/conf.d/ directory. For a reminder, creating a conf file inside the conf.d directory will be auto-included from nginx.conf file. The configuration content below is meant to be put inside http block. Let’s name it badcountries.conf.

1
2
3
4
5
6
7
8
9
10
11
12
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
    default yes;
    CN no;
    ID no;
    IN no;
    RU no;
}
geo $exclusions {
    default 0;
    10.8.0.0/24 1;
}

2. Check $allowed_country Variable with Active IP Visitor

Next step is check the $allowed_country variable against the current visitor’s IP address. Put this code inside server block.

1
2
3
if ($allowed_country = "no") { 
  return 444; 
}

Restart nginx after editing is done.

service nginx restart

Now, every visitors coming from countries you defined as no inside badcountries.conf will be served with 444 error code.

For the list of ISO 3166 country codes you can put inside badcountries.conf file, follow this link.

Leave a Reply

Your email address will not be published. Required fields are marked *