Question

Block Some Countries from visiting my website

I’m currently using NginX on my Server and i want to block some countries from visiting my website. Can anyone help me please?

Show comments

Submit an answer

This textbox defaults to using Markdown to format your answer.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Sign In or Sign Up to Answer

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

Want to learn more? Join the DigitalOcean Community!

Join our DigitalOcean community of over a million developers for free! Get help and share knowledge in Q&A, subscribe to topics of interest, and get courses and tools that will help you grow as a developer and scale your project or business.

With Nginx, this can be accomplished using the GeoIP module. First, you’ll need to make sure that you have the GeoIP database installed:

sudo apt-get install geoip-database libgeoip1

Then in your Nginx configuration, you can add the list of countries to block using the two letter country code:

        geoip_country /usr/share/GeoIP/GeoIP.dat;
        map $geoip_country_code $allow_visit {
           default yes;
           US no;
        }

This must be outside of a server block, usually in /etc/nginx/nginx.conf. Next, you need to specify what should happen to the blocked countries. This is done inside of your server block, usually /etc/nginx/sites-enabled/default :

        if ($allow_visit = no) {
            return 403;
        }

This example gives them a 403 error, but you can create a custom error page or redirect them off site as well using standard Nginx directives.

Hello there,

I can help with answering the last question. - "How are you going to determine the “country” of an IP? "

You can use Firewall tools like CSF on your server. If you’re not familiar with CSF or you want to install it on CentOS or Ubuntu droplet check out this mini tutorial:

For CentOS:

https://www.digitalocean.com/community/questions/how-to-install-and-configure-config-server-firewall-csf-on-centos

For Ubuntu:

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-config-server-firewall-csf-on-ubuntu

Another option is to use a third-party service like CloudFlare. They have a Firewall feature in which you can block/allow access from different IP addresses or whole country ranges.

https://serverpilot.io/docs/how-to-block-ips-with-cloudflare/

Just enter an IP address, an IP range, or a two-letter country code you wish to block

Hope that this helps!

Hello there,

In order to block a country, you can use the CC_DENY option which accepts two-letter country codes such as US, GB and etc.

In order to list more than one country you just need to separate them using commas:

CC_DENY = "AB,CD,EF"

You may find a list of ISO 3166-1 alpha-2 code at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

If you’re not familiar with CSF or you want to install it on CentOS or Ubuntu droplet check out this mini tutorial:

For CentOS:

https://www.digitalocean.com/community/questions/how-to-install-and-configure-config-server-firewall-csf-on-centos

For Ubuntu:

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-config-server-firewall-csf-on-ubuntu

Hope that this helps!