How to block country to access website using NGINX in CentOS 8?

Hello there,

You can use Nginx’s http_geoip_module to restrict access from a specific geo-location or country to your website. You can check the following article:

https://fedingo.com/how-to-block-ip-by-country-in-nginx/

Another thing is using iptables to block the traffic before reaching Nginx at all. I found this guide that should be helpful. This references blocking Chinese IPs and the script near the bottom uses a third-party service to source the IP lists.

https://mattwilcox.net/web-development/unexpected-ddos-blocking-china-with-ipset-and-iptables/

Hope that this helps!

Hi @hetalpatel,

I’m not sure Nginx is the right place for this block. This is more of a firewall thing. As such, I’ll suggest adding the country block level on your firewall.

I’ve used CSF for such measures and I can confirm it works properly. In order to block a country you can use the CC_DENY option which accept two-letter country codes such as US, GB and etc.

In order to list more than one country you just need to separate them using comas:

CC_DENY = "AB,CD,EF"

You may find a list of ISO 3166-1 alpha-2 codes at https://en.wikipedia.org/wiki/ISO_3166-1_alpha-2

If you’re not familiar with CSF or you want to install it on CentOS or Ubuntu droplet check out this mini tutorial:

For CentOS:

https://www.digitalocean.com/community/questions/how-to-install-and-configure-config-server-firewall-csf-on-centos