How to block visitors by country in Nginx

Aug 13, 2021 · 1 min read · Post a comment

In some of mine previous posts, I wrote about how you can whitelist IPs in Nginx. In today’s tutorial, we are going to see how can we block specific countries in a few steps.


  • Nginx
  • sudo privileges


Step 1. First, check if your Nginx version supports the HttpGeoipModule.

nginx -V

In the output, you should look for --with-http_geoip_module.

Step 2. Install the GeoIP database.

sudo apt-get install geoip-database libgeoip1 -y

Step 3. Configure Nginx by updating the nginx.conf file. Let’s say we want to allow the traffic that comes from US only. Place the following code in the http block:

http {
    geoip_country /usr/share/GeoIP/GeoIP.dat;
    map $geoip_country_code $allowed_country {
        default no;
        US yes;

You can find the list of country codes here.

Step 4. The second part of the Nginx configuration comes from updating the vhost config file that’s usually stored under sites-available/ or conf.d/ subdirectory. Add the following block in either server block, or location block (if you want to restrict just a certain path of the site). For instance:

server {
    if $(allowed_country = no) {
        return 403;

Step 5. Test the Nginx configuration and reload.

nginx -t
nginx -s reload


As always, consider using the HttpGeoipModule only if you can’t deal with firewalls for some reason. Feel free to leave a comment below and if you find this tutorial useful, follow our official channel on Telegram.