m2.nz/content/posts/nginx_geo_block.md

1.2 KiB

title tags date
GeoIP blocking countries using Nginx
nginx
geoip
spam
geo block
2024-04-06

Quick and easy way to block entire countries using simple nginx rules. Note this is for Ubuntu/Nginx but may work on other systems.

Install required packages & add to nginx config.
The GeoIP DB will be under /usr/shared/GeoIP/GeoIPv6.dat (Or GeoIP.dat for v4 only):

sudo apt install -y libnginx-mod-http-geoip geoip-database
echo 'geoip_country /usr/share/GeoIP/GeoIPv6.dat;' > /etc/nginx/conf.d/geoip.conf

Add this block under the main "http" block in nginx.conf:

# /etc/nginx/nginx.conf
map $geoip_country_code $allowed_country {
    default yes;
    BD no; # Country code to block - Can list mulitple
}

Then we need to add a simple check in our site vhost inside the server { block, but before the location / block:

# /etc/nginx/sites-enabled/site.conf or /etc/nginx/conf.d/site.conf
if ($allowed_country = no) {
    return 403;
}

Quick reload and boom! Done!

sudo systemctl reload nginx

Based off an older gist found on Github here