Question

Block Some Countries from visiting my website

  • Posted October 16, 2014

I’m currently using NginX on my Server and i want to block some countries from visiting my website. Can anyone help me please?

Subscribe
Share

If your nginx compiled with http_geoip_module (you can check executing /usr/local/nginx/sbin/nginx -V or where ever you have binary) then:

  1. Install geoip database. That package provide you also monthly update of database

sudo apt-get install geoip-database-contrib -y 2. Include into your http block following:

    geoip_country /usr/share/GeoIP/GeoIP.dat;
    map $geoip_country_code $allowed_country {
        default yes;
        RU no;
    }
    geo $exclusions {
        default 0;
        10.8.0.0/24 1;
    }
  1. Include in your server block following:
        if ($allowed_country = yes) {
                set $exclusions 1;
        }
        if ($exclusions = "0") {
                return 444;
        }

That’s it


Submit an answer
You can type!ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

These answers are provided by our Community. If you find them useful, show some love by clicking the heart. If you run into issues leave a comment, or add your own answer to help others.

With Nginx, this can be accomplished using the GeoIP module. First, you’ll need to make sure that you have the GeoIP database installed:

sudo apt-get install geoip-database libgeoip1

Then in your Nginx configuration, you can add the list of countries to block using the two letter country code:

        geoip_country /usr/share/GeoIP/GeoIP.dat;
        map $geoip_country_code $allow_visit {
           default yes;
           US no;
        }

This must be outside of a server block, usually in /etc/nginx/nginx.conf. Next, you need to specify what should happen to the blocked countries. This is done inside of your server block, usually /etc/nginx/sites-enabled/default :

        if ($allow_visit = no) {
            return 403;
        }

This example gives them a 403 error, but you can create a custom error page or redirect them off site as well using standard Nginx directives.

With Nginx, this can be accomplished using the GeoIP module. First, you’ll need to make sure that you have the GeoIP database installed:

sudo apt-get install geoip-database libgeoip1

Then in your Nginx configuration, you can add the list of countries to block using the two letter country code:

        geoip_country /usr/share/GeoIP/GeoIP.dat;
        map $geoip_country_code $allow_visit {
           default yes;
           US no;
        }

This must be outside of a server block, usually in /etc/nginx/nginx.conf. Next, you need to specify what should happen to the blocked countries. This is done inside of your server block, usually /etc/nginx/sites-enabled/default :

        if ($allow_visit = no) {
            return 403;
        }

This example gives them a 403 error, but you can create a custom error page or redirect them off site as well using standard Nginx directives.

Hello there,

I can help with answering the last question. - "How are you going to determine the “country” of an IP? "

You can use Firewall tools like CSF on your server. If you’re not familiar with CSF or you want to install it on CentOS or Ubuntu droplet check out this mini tutorial:

For CentOS:

https://www.digitalocean.com/community/questions/how-to-install-and-configure-config-server-firewall-csf-on-centos

For Ubuntu:

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-config-server-firewall-csf-on-ubuntu

Another option is to use a third-party service like CloudFlare. They have a Firewall feature in which you can block/allow access from different IP addresses or whole country ranges.

https://serverpilot.io/docs/how-to-block-ips-with-cloudflare/

Just enter an IP address, an IP range, or a two-letter country code you wish to block

Hope that this helps!

Hello there,

In order to block a country, you can use the CC_DENY option which accepts two-letter country codes such as US, GB and etc.

In order to list more than one country you just need to separate them using commas:

CC_DENY = "AB,CD,EF"

You may find a list of ISO 3166-1 alpha-2 code at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

If you’re not familiar with CSF or you want to install it on CentOS or Ubuntu droplet check out this mini tutorial:

For CentOS:

https://www.digitalocean.com/community/questions/how-to-install-and-configure-config-server-firewall-csf-on-centos

For Ubuntu:

https://www.digitalocean.com/community/tutorials/how-to-install-and-configure-config-server-firewall-csf-on-ubuntu

Hope that this helps!

Your site is exactly what I have looking for!! It certainly helps a frequent traveler like me to locate all the stamp shows when traveling. Keep up with the good work.

Hi all, I used this method to block access to /wp-admin location from all countries except some preferred.

location /wp-admin {
    if ($allowed_country = no) {
        return 403;
    }
}

It works fine when trying to open this page in browser. But still I can see in access.log many POST requests and in worpdress logs failed login requests from rejected countries. Is possible to use geoip-database-contrib module also for POST requests?

I tried:

location /wp-admin {
    if ($allowed_country = no) {
        deny all;
    }
}

but after reload nginx doesnt start at all. Do you have any ideas?

This comment has been deleted

This comment has been deleted