nginx,

How to block visitors by country in Nginx

Aug 13, 2021 · 1 min read · Post a comment
How to block visitors by country in Nginx

In some of mine previous posts, I wrote about how you can whitelist IPs in Nginx. In today’s tutorial, we are going to see how can we block specific countries in a few steps.

Prerequisites

  • Nginx

Solution

Step 1. First, check if your Nginx version supports the HttpGeoipModule:

nginx -V

In the output, you should look for --with-http_geoip_module.

Step 2. Install the GeoIP database:

sudo apt-get install geoip-database libgeoip1 -y

Step 3. Configure Nginx by updating the nginx.conf file. Let’s say we want to allow the traffic that comes from US only. Place the following code in the http block:

http {
    ...
    geoip_country /usr/share/GeoIP/GeoIP.dat;
    map $geoip_country_code $allowed_country {
        default no;
        US yes;
   }
}

You can find the list of country codes here.

Step 4. The second part of the Nginx configuration comes from updating the vhost config file that’s usually stored under sites-available/ or conf.d/ subdirectory. Add the following block in either server block, or location block (if you want to restrict just a certain path of the site). For example:

server {
    ...
    if $(allowed_country = no) {
        return 403;
    } 
}

Step 5. Test the Nginx configuration and reload:

nginx -t
nginx -s reload

Conclusion

As always, consider using the HttpGeoipModule only if you can’t deal with firewalls for some reason.
Feel free to leave a comment below and if you find this tutorial useful, follow our official channel on telegram.