<div><div dir="auto">Instead of the default nginx geoip module , I suggest you switch to third party geoip2 module for two reasons:</div><div dir="auto">1) maxmind deprecated geoip1 db.</div><div dir="auto">2)geoip2 module can do what you wanted, and the geo lookup can be based on any variables, such as $http_x_forwarded_for</div><div dir="auto"> Frank</div><br><div class="gmail_quote"><div>On Mon, May 21, 2018 at 6:37 PM Sathish Kumar <<a href="mailto:satcse88@gmail.com">satcse88@gmail.com</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div dir="auto">Hi All,<div dir="auto"><br></div><div dir="auto">Is there a way, I can block the clients which is coming through load balancer using http geo ip module nginx.</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto">Currently, I can block the clients which is not coming through load balancer or api gateway by geo ip module.</div><div dir="auto"><br></div><div dir="auto"><br></div><div dir="auto"><br></div></div><br><div class="gmail_quote"><div>On Mon, May 21, 2018, 2:02 PM basti <<a href="mailto:mailinglist@unix-solution.de" target="_blank">mailinglist@unix-solution.de</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex">hello,<br>
the way to block ip's can also be used for PTR records, I think.<br>
Also as wildcard.<br>
<br>
On 21.05.2018 05:49, Sathish Kumar wrote:<br>
> Hi All,<br>
> <br>
> I have a requirement to block certain countries coming to our website. <br>
> I managed to achieved it using the ngx_http_geoip_module. I have a<br>
> problem now, if the request comes through Amazon API Gateway, how can I<br>
> read the X-forwarded-for header or block these request too.<br>
> <br>
> nginx.conf<br>
> map $geoip_country_code $allow_country {<br>
> default yes; <br>
> SG no; <br>
> }<br>
> <br>
> <br>
> geoip_country /etc/nginx/GeoIP.dat; # the country IP database <br>
> geoip_city /etc/nginx/GeoLiteCity.dat; # the city IP database<br>
> <br>
> <br>
> domain.conf<br>
> if ($allow_country = no) { <br>
> return 444; <br>
> }<br>
> <br>
> Thanks & Regards<br>
> Sathish.V<br>
> <br>
> <br>
> _______________________________________________<br>
> nginx mailing list<br>
> <a href="mailto:nginx@nginx.org" rel="noreferrer" target="_blank">nginx@nginx.org</a><br>
> <a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a><br>
> <br>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" rel="noreferrer" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></blockquote></div>
_______________________________________________<br>
nginx mailing list<br>
<a href="mailto:nginx@nginx.org" target="_blank">nginx@nginx.org</a><br>
<a href="http://mailman.nginx.org/mailman/listinfo/nginx" rel="noreferrer" target="_blank">http://mailman.nginx.org/mailman/listinfo/nginx</a></blockquote></div></div>