Add new post

2024-11-22 08:15:13 +00:00 · 2024-04-07 10:59:01 +12:00 · 2024-04-07 10:59:01 +12:00 · 1189975161
commit 1189975161
parent 5a58cc4020
1 changed files with 43 additions and 0 deletions
--- a/content/posts/nginx_geo_block.md
+++ b/content/posts/nginx_geo_block.md
@ -0,0 +1,43 @@
+---
+title: "Geo Blocking countries with nginx"
+tags: ["spam", "geo block", "nginx"]
+date: "2024-04-07"
+---
+
+Quick and easy way to block entire countries using simple nginx rules.
+Note this is primarily for Ubuntu/Nginx but may work on other systems
+
+Install required fields
+```shell
+apt install -y libnginx-mod-http-geoip geoip-database
+```
+
+The GeoIP DB will be under /usr/shared/GeoIP/GeoIPv6.dat (Or GeoIP.dat for v4 only)
+We need to add this into nginx conf:
+```shell
+echo 'geoip_country /usr/share/GeoIP/GeoIP.dat;' > /etc/nginx/conf.d/geoip.conf
+```
+
+Add this block under the main "http" block in nginx.conf:
+```shell
+# /etc/nginx/nginx.conf
+map $geoip_country_code $allowed_country {
+    default yes;
+    BD no; # Country code to block - Can list mulitple
+}
+```
+
+Then we need to add a simple check in our site vhost:
+```shell
+# /etc/nginx/sites-enabled/your_site.conf
+if ($allowed_country = no) {
+    return 403;
+}
+```
+
+Quick reload and boom! Done!
+```shell
+systemctl reload nginx
+```
+
+Based off an older gist found on [Github here](https://gist.github.com/dunderrrrrr/8d3fced1f73de2d70ede38f39c88d215)