Skip to content

Instantly share code, notes, and snippets.

@dunderrrrrr

dunderrrrrr/GeoIP Block NGINX Ubuntu 20.04.md

Created April 19, 2021 08:28
Show Gist options
  • Star 17 You must be signed in to star a gist
  • Fork 14 You must be signed in to fork a gist
  • Save dunderrrrrr/8d3fced1f73de2d70ede38f39c88d215 to your computer and use it in GitHub Desktop.
Save dunderrrrrr/8d3fced1f73de2d70ede38f39c88d215 to your computer and use it in GitHub Desktop.
Download ZIP
Allow or block GeoIP in Nginx on Ubuntu 20.04
Raw
GeoIP Block NGINX Ubuntu 20.04.md

GeoIP Block NGINX Ubuntu 20.04

Block or filter IPs based on location in Nginx (tested on 1.18.0) on Ubuntu 20.04.

Install Nginx modules

To make use of the geographical filtering, we must first install the Nginx GeoIP module as well as the GeoIP database containing the mappings between visitors’ IP addresses and their respective countries. To do so, let’s execute:

$ sudo apt install libnginx-mod-http-geoip geoip-database

Download the GeoIP database.

$ sudo mkdir /usr/share/GeoIP
$ cd /usr/share/GeoIP
$ sudo wget sudo wget https://centminmod.com/centminmodparts/geoip-legacy/GeoIP.dat.gz
$ sudo gunzip GeoIP.dat.gz

Add config to nginx /etc/nginx/conf.d/geoip.conf:

# GeoIP database path
#

geoip_country /usr/share/GeoIP/GeoIP.dat;

Edit nginx config /etc/nginx/nginx.conf. Add this below the http { line to only allow Russian IPs You can use ISO’s full, searchable list of all country codes to find your code.

map $geoip_country_code $allowed_country {
    default no;
    RU yes;
}

Finally, add this to your sites virtual config /etc/nginx/sites-available/siteconfig below server {:

    if ($allowed_country = no) {
        return 403;
    }

And reload Nginx sudo systemctl restart nginx

@vitordhers
Copy link

That's great! thanks for this simple tutorial.

@Clyckov34
Copy link

Good

@3IMAD69
Copy link

3IMAD69 commented Oct 25, 2022
edited

Thnaks . but for some reasons , its doesnt work on chrome , but work fine on other browser , i think it has something to do with caching

@dunderrrrrr
Copy link
Author

Thnaks . but for some reasons , its doesnt work on chrome , but work fine on other browser , i think it has something to do with caching

It sure is possible. This gist is 2 years old, feel free to do some research and ill be glad to update the above.

@3IMAD69
Copy link

3IMAD69 commented Oct 25, 2022
edited

Thnaks . but for some reasons , its doesnt work on chrome , but work fine on other browser , i think it has something to do with caching

It sure is possible. This gist is 2 years old, feel free to do some research and ill be glad to update the above.

nvm i fix it by putting the
if ($allowed_country = no) { return 403; }
FIRST on server {

@dunderrrrrr
Copy link
Author

Thnaks . but for some reasons , its doesnt work on chrome , but work fine on other browser , i think it has something to do with caching

It sure is possible. This gist is 2 years old, feel free to do some research and ill be glad to update the above.

nvm i fix it by putting the if ($allowed_country = no) { return 403; } FIRST on server {

Ah, perfect :)

@github-prashant15
Copy link

Heyy Dear,
Thank you very much. For the well-mentioned tutorial. But I have a question: Does anyone use a VPN to reach my country?
They got access to my URL.
Please tell me how I may overcome that problem.

@RokkuCode
Copy link

you can't. even netflix fails to do this. there is no technical proper way to detect vpn conns.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment