Jump to content



Photo

(Debian / Ubuntu) nginx: Visitors to the GeoIP module by country block


  • Please log in to reply
No replies to this topic

#1 Arctic

Arctic

    Haphost Staff

  • Moderators
  • 341 posts
  • LocationGermany

Posted 23 October 2014 - 06:36 PM

This tutorial explains how to nginx in the GeoIP module to use block to allow visitors from certain countries. This is made possible by the GeoIP database which associates the IP addresses with the user countries. nginx needs to be compiled with HttpGeoipModule to the GeoIP database.

For the correctness of the contents of the tutorial I give no guarantee.

 

1. Preface

 

As noted in the introduction, nginx must be compiled with HttpGeoipModule. To check if your nginx was compiled with this module, use:

nginx -V

See --with- http_geoip_module in the output, you are capable of the GeoIP database to use nginx:

 

root @ server1: ~ # nginx-V
nginx version: nginx / 1.2.1
TLS SNI support enabled
configure arguments: --prefix = / etc / nginx --conf-path = / etc / nginx / nginx.conf --error-log-path = / var / log / nginx / error.log --http-client-body -temp-path = / var / lib / nginx / body --http-fastcgi-temp-path = / var / lib / nginx / fastcgi --http-log-path = / var / log / nginx / access.log - -http-proxy-temp-path = / var / lib / nginx / proxy --http-scgi-temp-path = / var / lib / nginx / scgi --http-uwsgi-temp-path = / var / lib / nginx / uwsgi --lock-path = / var / lock / nginx.lock --pid-path = / var / run / nginx.pid --with-pcre-jit-debug --with --with- http_addition_module - with-http_dav_module --with- http_geoip_module --with- http_gzip_static_module --with- http_image_filter_module --with- http_realip_module --with- http_stub_status_module --with- http_ssl_module --with- http_sub_module --with- http_xslt_module --with-ipv6 - with-sha1 = / usr / include / openssl --with-md5 = / usr / include / openssl --with-mail --with- mail_ssl_module --add-module = / build / buildd nginx_1.2.1-2.1-amd64 -fMGfEu / nginx-1.2.1 / debian / modules / nginx-auth-pam --add-module = / build / buildd nginx_1.2.1-2.1-amd64-fMGfEu / nginx-1.2.1 / debian / modules / nginx -echo --add-module=/build/buildd-nginx_1.2.1-2.1-amd64-fMGfEu/nginx-1.2.1/debian/modules/nginx-upstream-fair --add-module=/build/buildd-nginx_1.2.1-2.1-amd64-fMGfEu/nginx-1.2.1/debian/modules/nginx-dav-ext-module
root @ server1: ~ #

2. Installing the GeoIP database

 

On Debian / Ubuntu the GeoIP database can be installed as follows:

apt-get install geoip-database libgeoip1
 
This places the database in /usr/share/GeoIP/GeoIP.dat.
 
It is possible that this is not quite up to date. Therefore, you can download a current copy of the GeoIP website:
mv /usr/share/GeoIP/GeoIP.dat /usr/share/GeoIP/GeoIP.dat_bak
cd /usr/share/GeoIP/
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gunzip GeoIP.dat.gz

3. Configure nginx

 

Open /etc/nginx/nginx.conf ...

vi /etc/nginx/nginx.conf

And ... to put the following in the http {} block, before any include lines:

[...]

geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default yes;
FK no;
FM no;
EH no;
}
[...]
 
This allows all countries except the three that are set to no (you can find a list of countries). To make it the other way, ie to block all countries except for the specified, write it like this:
 
[...]

geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default no;
FK yes;
FM yes;
EH yes;
}
[...]
 
In truth, however, this makes no countries, but also sets the variable $ allowed_country. To actually block countries, open your vhost configuration and place the following in the server {} container (this can be placed both inside and outside of any location {} block):
 
[...]

if ($allowed_country = no) {
return 444;
}
[...]

Visitors from countries blocked a 444 error code is displayed. Here the connection is severed without sending header. You can also use a different error code, for example 403 ("Forbidden") if you want.

 

reload now nginx :

/etc/init.d/nginx reload

4. Links

nginx: http://nginx.org/
nginx Wiki: http://wiki.nginx.org/
HttpGeoipModule: http://wiki.nginx.org/HttpGeoipModule

Greetz Arctic

 


any support PM's be Ignored please use the Support section for it

 

Support





0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users