Plainsurf Solutions

Blocking Specific Countries with Nginx using GeoIP

Introduction:

In this tutorial, we will walk through the process of Blocking Specific Countries with Nginx using GeoIP data. By leveraging the MaxMind GeoIP2 database, we can effectively restrict access to our website based on the visitor’s country. This guide assumes you are using a Linux-based system.

Step 1: Installing Required Packages

Begin by installing the necessary packages. Open a terminal and execute the following commands:

$ sudo apt update

$ sudo add-apt-repository ppa:maxmind/ppa

$ sudo apt install geoipupdate libmaxminddb0 libmaxminddb-dev mmdb-bin

Step 2: Configuring the GeoIP Database

Open the GeoIP configuration file using the command:

$ sudo vim /etc/GeoIP.conf

Replace the placeholders YOUR_ACCOUNT_ID_HERE and YOUR_LICENSE_KEY_HERE with your MaxMind account ID and license key, obtained from https://www.maxmind.com/en/my_license_key. Additionally, specify the edition IDs of the databases you want to update, such as GeoLite2-ASN, GeoLite2-City, and GeoLite2-Country

Step 3: Updating the GeoIP Database

To download the latest GeoIP database files, run the following command:

$ sudo geoipupdate

Step 4: Configuring Nginx with GeoIP2 Module

Clone the ngx_http_geoip2_module from GitHub using the command:

$ git clone https://github.com/leev/ngx_http_geoip2_module.git

Check your Nginx version by executing:

$ nginx -v

Download and extract the desired Nginx version:

$ wget http://nginx.org/download/nginx-VERSION.tar.gz

$ tar zxvf nginx-VERSION.tar.gz

$ cd nginx-VERSION

Configure Nginx with the GeoIP2 module:

$ ./configure --with-compat --add-dynamic-module=../ngx_http_geoip2_module

$ make modules

Create a directory to store Nginx modules:

$ mkdir -p /etc/nginx/modules

Copy the ngx_http_geoip2_module.so file to the Nginx modules directory:

$ cp -vi objs/ngx_http_geoip2_module.so /etc/nginx/modules/

Verify the Nginx configuration:

$ sudo nginx -t

If there are no errors, proceed to the next step.

Step 5: Modifying Nginx Configuration

Open the main Nginx configuration file (nginx.conf) in a text editor:

$ sudo vim /etc/nginx/nginx.conf

Within the http block, add the following lines to define the path

geoip2 /var/lib/GeoIP/GeoLite2-Country.mmdb {

    $geoip2_data_country_iso_code country iso_code;

}

map $geoip2_data_country_iso_code $allowed_country {

    default no;

    CA yes; # Canada

    IN yes; # India

    US yes; # United State

}

Step 6: Updating Website Configuration

Edit the configuration file for your website (e.g., sites-available/filename) and insert the following block inside the server block to block access from forbidden countries:

server {

    # Block forbidden countries

    if ($allowed_country = no) {

        return 444;

    }

    [...]

}

Conclusion:

By following these steps, you have successfully configured Nginx to block access from specific countries using the GeoIP2 database. This feature provides an additional layer of security for your website by restricting access based on geographical location. Experiment with different countries and adapt the configuration to suit your specific needs.

Checkout our other blogs:

linux cmd line mastery :- https://plainsurf.com/linux-command-line-mastery-tips-and-tricks-for-advanced-users/

linux opensource heaven :- https://plainsurf.com/linux-open-source-heaven-how-linux-is-revolutionizing-the-tech-industry/