Country blocking using Nginx GeoIP in Ubuntu 16.04

In this article, I will show how to install the GeoIP module for Nginx and how to write the Nginx configuration that blocks visitors from certain countries.

There are many ways to block visitors from a certain country from accessing your website if you do not serve that country. The most basic is to do it at the application layer: check the IP address of every request and, based on that, either block the visitor or show the page.

Another way is to block at the web server level, so the application is never hit by visitors who are not allowed to access it. I will show how to block access from certain countries using Nginx and the GeoIP module. With Nginx and the GeoIP module, you can not only block clients from certain countries, but also use the location information to display different content or redirect visitors to the closest possible server location.

To follow this article, you need sudo permission on your Ubuntu server.

 

Step 1: Install Nginx and GeoIP

There are 2 different ways to install Nginx with the GeoIP module:

1. Use the precompiled package (only -full and -extras have the GeoIP module)
2. Compile your nginx with the --with-http_geoip_module configuration parameter (you may need to have the geoip-dev libraries)

In this article I will use the easiest way, which is to install the precompiled package.

$ sudo apt update && sudo apt-get install nginx-full geoip-database

Step 2: Check that the GeoIP module is installed

To make sure the GeoIP module is installed, run the following command against nginx. Proceed to the next step only if the module shows up in the output.

$ nginx -V 2>&1|grep --color=always with-http_geoip_module

Step 3: Download GeoIP database

$ wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
$ gunzip GeoLiteCity.dat.gz
$ sudo mkdir -p /etc/nginx/GeoIP
$ sudo mv GeoLiteCity.dat /etc/nginx/GeoIP/

Step 4: Configure Nginx and the virtual host

After the GeoIP database is ready, we continue by pointing Nginx to the GeoIP database file.

Open nginx.conf (default location: /etc/nginx/nginx.conf) with your preferred text editor. Add the line geoip_city /etc/nginx/GeoIP/GeoLiteCity.dat; inside the http block. Your nginx.conf file should look like this:


http {

    ##
    # Basic Settings
    ##

    geoip_city /etc/nginx/GeoIP/GeoLiteCity.dat;

}

Save it.

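Next we will edit the virtual host (default /etc/nginx/sites-available/default). Inside it you need to create a map and, if required, add the subdomain to the server_name directive.

The map directive in Nginx lets us set one variable based on the value of another. Here it sets $allow_visit from the visitor's country code.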


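# A database loaded with geoip_city exposes the country as
# $geoip_city_country_code ($geoip_country_code is only set by geoip_country).
map $geoip_city_country_code $allow_visit {
    default yes;
    US no;
    MY no;
}

server {
    if ($allow_visit = no) {
        return 403;
    }
    ...
}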

Step 5: Restart/reload nginx

$ sudo service nginx reload

Now visitors from any country that you have set to 'no' will receive a 403 Forbidden page. If you want to block all countries and allow only certain ones, change the default to no and set the selected countries to yes.
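
The allow-only variant described above, as an added example that is not part of the original article. It also handles two cases the default-deny setup runs into: addresses with no country in the database, and nginx running behind a reverse proxy. The country codes MY and SG, the proxy address 192.0.2.10 and the server name example.com are placeholders.

```nginx
# Added example: placeholders are MY/SG, 192.0.2.10 and example.com.

# --- http context (e.g. /etc/nginx/nginx.conf) ---
geoip_city /etc/nginx/GeoIP/GeoLiteCity.dat;

# Only when nginx sits behind your own reverse proxy or load balancer:
# take the client address from X-Forwarded-For, but only for connections
# coming from this trusted address. Without it every request is
# geolocated as the proxy; with an over-broad range, clients can pick
# their own country by sending a forged header.
geoip_proxy 192.0.2.10;
geoip_proxy_recursive on;

# Addresses that have no country in the database (loopback, RFC 1918)
# but must keep working, e.g. local health checks. geo matches the peer
# address ($remote_addr), so never list the proxy's own network here.
geo $internal_client {
    default        0;
    127.0.0.0/8    1;
    10.0.0.0/8     1;
}

# Allowlist: default deny, selected countries allowed.
# $geoip_city_country_code is empty when the lookup fails, so unknown
# addresses produce "0:" and fall through to "default no".
map "$internal_client:$geoip_city_country_code" $allow_visit {
    default   no;
    "~^1:"    yes;   # internal clients, whatever the lookup returned
    "0:MY"    yes;
    "0:SG"    yes;
}

# --- virtual host (e.g. /etc/nginx/sites-available/default) ---
server {
    listen 80;
    server_name example.com;

    if ($allow_visit = no) {
        return 403;
    }
}
```

Run sudo nginx -t before reloading so a typo in the map does not take the site down.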

 
