How to Block IP from Specific Countries in NGINX



If your website is targeted only for specific countries, then it might be attracting irrelevant visitors from other countries. Sometimes, your website might also be getting malicious visitors who attack your website. In these cases, it might be a good idea to simply block users from specific countries that are irrelevant to your website, or known for sending suspicious traffic. Let us take a look at how to block IP from specific countries in NGINX.

 

How to Block IP from Specific Countries in NGINX

Here are the steps to block IP from specific countries in NGINX. We will be using the GeoIP module to detect visitors from specific countries.

 

1. Install GeoIP module

Open a terminal or SSH into your Linux system and run the following commands:

$ sudo apt-get update
$ sudo apt-get install nginx-full geoip-database

 

2. Update GeoIP database

You need to manually download and update GeoIP’s database:

$ sudo wget -N http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
$ sudo gunzip GeoLiteCity.dat.gz
$ sudo mv GeoLiteCity.dat /usr/share/GeoIP/

 

3. Configure NGINX

Open the NGINX config file in a text editor.

You will find it at one of the following locations, depending on the type of installation:


/etc/nginx/conf.d/default.conf
/etc/nginx/sites-enabled/default
/etc/nginx/nginx.conf

 


$ sudo vim /etc/nginx/nginx.conf

 

Update the http block to add the location of your GeoIP module’s database.

 

http {
  geoip_city /usr/share/GeoIP/GeoLiteCity.dat;
  ...
}

 

Save & close the file.

 

4. Configure Virtual Host

Next, open the default virtual host file in NGINX

$ sudo vim /etc/nginx/sites-available/default

If you have configured virtual host elsewhere, update the path above.

 

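Create a map block as shown below, at the top level of the file (outside any server block). Map is an NGINX block that sets one variable, here $allowed_country (yes/no), based on the value of another. Because step 3 loads the database with geoip_city, the country code is available in $geoip_city_country_code ($geoip_country_code is set only when a country database is loaded with the geoip_country directive). Country codes are two-letter ISO 3166-1 codes, so the United Kingdom is GB, not UK.

map $geoip_city_country_code $allowed_country {
  US      yes;
  GB      yes;
  IN      no;
  CN      no;
}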

 

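Next, we add an if condition to the server block for your host name that checks $allowed_country and blocks the request (return 444 code, which makes NGINX close the connection without sending a response) if it is from one of the blocked countries.

server {
  server_name example.com;

  if ($allowed_country = no) {
    return 444;
  }
  ...
}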

Here’s the list of country codes you can use to block visitors from other countries.

 

5. Reload NGINX web server

Test the config file to ensure there are no errors.

$ sudo nginx -t

 

If you get no error message, reload NGINX server to apply changes.

$ sudo service nginx reload

 

That’s it! NGINX will now automatically block visitors based on country codes.
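The map in step 4 is a blocklist: any country that is not listed leaves $allowed_country empty, so the request is allowed. The configuration below is an added example, not part of the original article, showing the allowlist form with an explicit default and an access log that records the decision. It uses $geoip_city_country_code, the variable set by the geoip_city directive from step 3; the log format name geo_audit and the log file path are assumptions.

```nginx
# Added example, not the article's own config.
# map and log_format belong in the http context, for instance at the top
# of /etc/nginx/sites-available/default, outside any server block.

# Allowlist form: every country that is not listed falls through to
# "default no". This also covers lookups that return no country at all
# (empty value), such as private or unknown addresses, so local health
# checks are dropped too unless you add a line:  ""  yes;
map $geoip_city_country_code $allowed_country {
  default no;
  US      yes;
  GB      yes;   # ISO 3166-1 code for the United Kingdom
}

# Record the resolved country and the decision next to each request, so
# dropped traffic (status 444) can be reviewed for false positives.
# The name geo_audit is hypothetical.
log_format geo_audit '$remote_addr [$time_local] "$request" $status '
                     'country=$geoip_city_country_code '
                     'allowed=$allowed_country';

server {
  server_name example.com;

  # Assumed log location; adjust to your layout.
  access_log /var/log/nginx/geo_access.log geo_audit;

  if ($allowed_country = no) {
    return 444;   # close the connection without sending a response
  }
}
```

After a reload, requests logged with status 444 and allowed=no show which countries are being dropped.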

 

 

About Sreeram Sreenivasan

Sreeram Sreenivasan is the Founder of Ubiq, a business dashboard & reporting platform for small & medium businesses.