Japanatron Logo

Nginx - How to Block or Redirect by GeoIP

Details

I've been figuring out how to block or redirect web traffic in Nginx based on the country geoIP.

NOTES
* You need the package nginx-extras for this because this package has the geoIP Nginx plugin.
* I used Japan (JP) in these examples, so change the country code to whatever you wish.

APPROACH #1 - BASIC
This uses a locally-downloaded GeoIP database.

I. This goes in the HTTP block. It basically flags traffic from countries you specify.

# DETECT JAPAN TRAFFIC
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allow_visit {
default yes;
JP no;
}

II. This goes in the SERVER block. It sets the action you want on the country IP flag you set.

# BLOCK ACCESS FROM JAPAN
if ($allow_visit = no) {
deny all ;
}

** Alternatively, you could redirect the traffic somewhere instead of outright blocking it...

# REDIRECT JAPAN TRAFFIC
if ($allow_visit = no) {
return 301 https://www.japanatron.com/ ;
}

APPROACH #2 - ADVANCED
This approach allows you to set exceptions, like for whitelisted IP addresses.

I. This goes in the HTTP block:

# DETECT JAPAN TRAFFIC
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default yes;
JP no;
}

geo $exclusions {
default 0;
111.222.333.444/32 1;
}

II. This goes in the SERVER block:

# REDIRECT JAPAN TRAFFIC
if ($allowed_country = yes) {
set $exclusions 1;
}

if ($exclusions = "0") {
return 301 https://www.japanatron.com ;
}

APPROACH #3 - CLOUDFLARE IP COUNTRY HEADER
If you use Cloudflare's reverse proxy / CDN service, you can read the geoIP information from Cloudflare's headers. This is my favorite approach because it doesn't require locally downloading and maintaining a geoIP database.

I. This goes in the HTTP block:

# DETECT JAPAN TRAFFIC (CLOUDFLARE HEADER)
map $http_cf_ipcountry $allowed_country {
default yes;
JP no;
}

geo $exclusions {
default 0;
111.222.333.444/32 1;
}

II. This goes in the SERVER block:

# REDIRECT JAPAN TRAFFIC
if ($allowed_country = yes) {
set $exclusions 1;
}

if ($exclusions = "0") {
return 301 https://www.japanatron.com ;
}

Related Articles

iPhone Mail with MS Exchange M...

PROBLEMOnce in a while I am unable to delete an email message on my iPhone.  It throws an "unable to move message to trash" error message.  I use the normal iPh...

Getflix - Netflix Still Not Wo...

There was a recent issue where the Playstation 3 Netflix app stopped working with Getflix--a service I use to watch Netflix here in Japan.  Fortunately, Getflix...

Joomla - How to Modify RSSocia...

RSSocial is an awesome free Joomla extension I use to display social media icons on my site.  Since it uses the Fontello Zocial font kit, I figured out how to m...

How to Look at Internet Porn

In the course of my IT career, I can't tell you how many times some guy has brought a computer to me saying, "I dunno what happened.  It seems to have a ...