Block countries - Nginx

Sathish Kumar satcse88 at gmail.com
Thu May 24 13:57:24 UTC 2018


Hi,
The client is already sending the X-Forwarded-For but when it received on
server it has multiple ips, how we can filter only the 1st IP and pass it
to geo ip module to block the IP based on Country.

On Thu, May 24, 2018, 11:25 AM Frank Liu <gfrankliu at gmail.com> wrote:

> Since only load balancer sees the client IP, it has to pass that
> information to nginx. You need to talk to your LB engineer and depending on
> the type of LB, there are different ways to do that. Once the information
> is passed to nginx, nginx will expose it as a variable, which can then be
> used by the geoip2 module to do the lookup and create country code for you
> to use for blocking.
>
> On Wed, May 23, 2018 at 6:51 PM, Sathish Kumar <satcse88 at gmail.com> wrote:
>
>> How can I get the client IP address if the request is coming through load
>> balancer or Proxy and pass it to default nginx geoip module to block it
>> based on the Country.
>>
>> On Tue, May 22, 2018, 4:45 PM Frank Liu <gfrankliu at gmail.com> wrote:
>>
>>> Instead of the default nginx geoip module , I suggest you switch to
>>> third party geoip2 module for two reasons:
>>> 1) maxmind deprecated geoip1 db.
>>> 2)geoip2 module can do what you wanted, and the geo lookup can be based
>>> on any variables, such as $http_x_forwarded_for
>>>  Frank
>>>
>>> On Mon, May 21, 2018 at 6:37 PM Sathish Kumar <satcse88 at gmail.com>
>>> wrote:
>>>
>>>> Hi All,
>>>>
>>>> Is there a way, I can block the clients which is coming through load
>>>> balancer using http geo ip module nginx.
>>>>
>>>>
>>>> Currently, I can block the clients which is not coming through load
>>>> balancer or api gateway by geo ip module.
>>>>
>>>>
>>>>
>>>>
>>>> On Mon, May 21, 2018, 2:02 PM basti <mailinglist at unix-solution.de>
>>>> wrote:
>>>>
>>>>> hello,
>>>>> the way to block ip's can also be used for PTR records, I think.
>>>>> Also as wildcard.
>>>>>
>>>>> On 21.05.2018 05:49, Sathish Kumar wrote:
>>>>> > Hi All,
>>>>> >
>>>>> > I have a requirement to block certain countries coming to our
>>>>> website.
>>>>> > I managed to achieved it using the ngx_http_geoip_module. I have a
>>>>> > problem now, if the request comes through Amazon API Gateway, how
>>>>> can I
>>>>> > read the X-forwarded-for header or block these request too.
>>>>> >
>>>>> > nginx.conf
>>>>> > map $geoip_country_code $allow_country {
>>>>> >  default yes;
>>>>> > SG no;
>>>>> > }
>>>>> >
>>>>> >
>>>>> > geoip_country /etc/nginx/GeoIP.dat; # the country IP database
>>>>> > geoip_city /etc/nginx/GeoLiteCity.dat; # the city IP database
>>>>> >
>>>>> >
>>>>> > domain.conf
>>>>> > if ($allow_country = no) {
>>>>> > return 444;
>>>>> > }
>>>>> >
>>>>> > Thanks & Regards
>>>>> > Sathish.V
>>>>> >
>>>>> >
>>>>> > _______________________________________________
>>>>> > nginx mailing list
>>>>> > nginx at nginx.org
>>>>> > http://mailman.nginx.org/mailman/listinfo/nginx
>>>>> >
>>>>> _______________________________________________
>>>>> nginx mailing list
>>>>> nginx at nginx.org
>>>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>>
>>>> _______________________________________________
>>>> nginx mailing list
>>>> nginx at nginx.org
>>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>>
>>> _______________________________________________
>>> nginx mailing list
>>> nginx at nginx.org
>>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>>
>> _______________________________________________
>> nginx mailing list
>> nginx at nginx.org
>> http://mailman.nginx.org/mailman/listinfo/nginx
>>
>
> _______________________________________________
> nginx mailing list
> nginx at nginx.org
> http://mailman.nginx.org/mailman/listinfo/nginx
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://mailman.nginx.org/pipermail/nginx/attachments/20180524/854fab4d/attachment.html>


More information about the nginx mailing list