Country banning
APseudoUtopia
apseudoutopia at gmail.com
Sat Aug 29 19:49:38 MSD 2009
On Sat, Aug 29, 2009 at 11:41 AM, Jim Ohlstein<jim at ohlste.in> wrote:
> We're dealing with a high degree of fraud from certain countries and would
> like to simply ban all IP's from those countries.
>
> I seem to recall reading here that using the Geo module is more efficient
> for this purpose than the GeoIP module.
>
> Currently I have the following in nginx.conf:
>
> geo $country {
> include geo.conf;
> }
>
> where geo.conf is generated from MaxMind country lite csv database using
> geo2nginx.pl supplied with nginx.
>
> In the site config I have multiple if statements like:
>
> server {
> ...
>
> if ($country = XX) {
> return 403;
> }
>
> if ($country = YY) {
> return 403;
> }
>
> if ($country = ZZ) {
> return 403;
> }
>
> ...
>
> }
>
> Is this more efficient than using GeoIP module? Is there a more efficient
> way of doing this?
>
> Jim
>
>
>
>
It'd probably be more efficient to do this through a firewall...ipfw
or pf on unix, or iptables on linux. There are several sites that keep
lists of IP block allocations to countries. A good example is
http://www.countryipblocks.net/. This would definitely be more
efficient than looking up every IP in a GeoIP database.
More information about the nginx
mailing list