Block countries - Nginx

Frank Liu gfrankliu at gmail.com
Tue May 22 08:45:09 UTC 2018


Instead of the default nginx geoip module , I suggest you switch to third
party geoip2 module for two reasons:
1) maxmind deprecated geoip1 db.
2)geoip2 module can do what you wanted, and the geo lookup can be based on
any variables, such as $http_x_forwarded_for
 Frank

On Mon, May 21, 2018 at 6:37 PM Sathish Kumar <satcse88 at gmail.com> wrote:

> Hi All,
>
> Is there a way, I can block the clients which is coming through load
> balancer using http geo ip module nginx.
>
>
> Currently, I can block the clients which is not coming through load
> balancer or api gateway by geo ip module.
>
>
>
>
> On Mon, May 21, 2018, 2:02 PM basti <mailinglist at unix-solution.de> wrote:
>
>> hello,
>> the way to block ip's can also be used for PTR records, I think.
>> Also as wildcard.
>>
>> On 21.05.2018 05:49, Sathish Kumar wrote:
>> > Hi All,
>> >
>> > I have a requirement to block certain countries coming to our website.
>> > I managed to achieved it using the ngx_http_geoip_module. I have a
>> > problem now, if the request comes through Amazon API Gateway, how can I
>> > read the X-forwarded-for header or block these request too.
>> >
>> > nginx.conf
>> > map $geoip_country_code $allow_country {
>> >  default yes;
>> > SG no;
>> > }
>> >
>> >
>> > geoip_country /etc/nginx/GeoIP.dat; # the country IP database
>> > geoip_city /etc/nginx/GeoLiteCity.dat; # the city IP database
>> >
>> >
>> > domain.conf
>> > if ($allow_country = no) {
>> > return 444;
>> > }
>> >
>> > Thanks & Regards
>> > Sathish.V
>> >
>> >
>> > _______________________________________________
>> > nginx mailing list
>> > nginx at nginx.org
>> > http://mailman.nginx.org/mailman/listinfo/nginx
>> >
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180522/7ba7eac6/attachment.html>


More information about the nginx mailing list