In some of mine previous posts, I wrote about how you can whitelist IPs in Nginx. In today’s tutorial, we are going to see how can we block specific countries in a few steps.
Prerequisites
- Nginx
- sudo privileges
Solution
Step 1. First, check if your Nginx version supports the HttpGeoipModule.
nginx -V
In the output, you should look for --with-http_geoip_module.
Step 2. Install the GeoIP database.
sudo apt-get install geoip-database libgeoip1 -y
Step 3. Configure Nginx by updating the nginx.conf file. Let’s say we want to allow the traffic that comes from US only. Place the following code in the http block:
http {
...
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default no;
US yes;
}
}
You can find the list of country codes here.
Step 4. The second part of the Nginx configuration comes from updating the vhost config file that’s usually stored under sites-available/ or conf.d/ subdirectory. Add the following block in either server block, or location block (if you want to restrict just a certain path of the site). For instance:
server {
...
if $(allowed_country = no) {
return 403;
}
}
Step 5. Test the Nginx configuration and reload.
nginx -t
nginx -s reload
Conclusion
As always, consider using the HttpGeoipModule only if you can’t deal with firewalls for some reason. Feel free to leave a comment below and if you find this tutorial useful, follow our official channel on Telegram.