I've been figuring out how to block or redirect web traffic in Nginx based on the country geoIP.
NOTES
* You need the package nginx-extras for this because this package has the geoIP Nginx plugin.
* I used Japan (JP) in these examples, so change the country code to whatever you wish.
APPROACH #1 - BASIC
This uses a locally-downloaded GeoIP database.
I. This goes in the HTTP block. It basically flags traffic from countries you specify.
# DETECT JAPAN TRAFFICgeoip_country /usr/share/GeoIP/GeoIP.dat;map $geoip_country_code $allow_visit { default yes; JP no;}
II. This goes in the SERVER block. It sets the action you want on the country IP flag you set.
# BLOCK ACCESS FROM JAPANif ($allow_visit = no) {deny all ;}
** Alternatively, you could redirect the traffic somewhere instead of outright blocking it...
# REDIRECT JAPAN TRAFFICif ($allow_visit = no) {return 301 https://www.japanatron.com/ ;}
APPROACH #2 - ADVANCED
This approach allows you to set exceptions, like for whitelisted IP addresses.
I. This goes in the HTTP block:
# DETECT JAPAN TRAFFICgeoip_country /usr/share/GeoIP/GeoIP.dat;map $geoip_country_code $allowed_country { default yes; JP no; }
geo $exclusions { default 0; 111.222.333.444/32 1; }
II. This goes in the SERVER block:
# REDIRECT JAPAN TRAFFICif ($allowed_country = yes) { set $exclusions 1; }
if ($exclusions = "0") { return 301 https://www.japanatron.com ; }
APPROACH #3 - CLOUDFLARE IP COUNTRY HEADER
If you use Cloudflare's reverse proxy / CDN service, you can read the geoIP information from Cloudflare's headers. This is my favorite approach because it doesn't require locally downloading and maintaining a geoIP database.
I. This goes in the HTTP block:
# DETECT JAPAN TRAFFIC (CLOUDFLARE HEADER)map $http_cf_ipcountry $allowed_country { default yes; JP no;}
geo $exclusions { default 0; 111.222.333.444/32 1;}
II. This goes in the SERVER block:
# REDIRECT JAPAN TRAFFICif ($allowed_country = yes) { set $exclusions 1; }
if ($exclusions = "0") { return 301 https://www.japanatron.com ; }
Related Articles
Joomla - Checklist for Moving ...
* Remove web directory protection entries * Rsync files to the new location * Change Apache root folder settings * Redo web directory protection entries * U...
The Hunt for the Ultimate Free...
I spent some time researching top-rated, but free antivirus security software for both Mac and Windows. There are far more free antivirus software solutions ou...
FreeNAS - Bi-Directional Rsync...
Go to /root on 1st server. ssh root@server1 cd /root FreeNAS OS drive is mounted read-only, so mount it RW. mount -o rw / Generate an RSA key & leave the ...
Joomla Running on Nginx and Ub...
What follows is an outline I compiled while building an Ubuntu server for running the Joomla CMS on the Nginx web server. NOTE: Ubuntu 14.04 LTS was used for th...