How to block visiotrs by country without using GEoIP module

August 8, 2019 887 views
Nginx Ubuntu 18.04
NewCustomer
By:
NewCustomer

Hello! recently I installed the GeoIp module and followed the tutorial provided in this link https://www.howtoforge.com/nginx-how-to-block-visitors-by-country-with-the-geoip-module-debian-ubuntu but it seems the GeoIp module is not able to block the visitors from a particular country.

For instance, I wanted to block the visitors from Japan, I tried using proxy for Japan and I could still access my site. Not only that, my analytics report shows some users from Japan. So I am definitely sure the GeopIp is not doing the work.

I want to known if there are other ways to block visitors by country, any other NGinx modules or settings.

Any help will be grateful!

Thank you

Sign In to Comment
1 Answer
bobbyiliev MOD August 8, 2019

Hello,

Usually you should be able to do that with GeoIP, but if it does not work you could try using CSF and block specific countries by adding the country code in the CCDENY list in CSF.

Another method would be to use CloudFlare and block the traffic through there. The good thing of doing this is that the traffic would be filtered even before it reaches your server.

Hope that this helps!
Regards,
Bobby

Report
  • NewCustomer August 8, 2019

    Any tutorial link for setting up CSF in Ubuntu?

    In cloudfare it seems the feature for blocking a country is available only in Enterprise plan not in any plan lower than that.

    [edited] I just found some ways to block country using cloudfare. I think I’ll give that a try first.

    I read that GeoIp database will no longer be updated and GeoIp2 is now a preferred module, but I could not find any tutorial on how to upgrade from GeoIp to GeoIp2.

    Thank for the reply.

    Report
    • bobbyiliev MOD August 9, 2019

      Hello,

      Regarding CSF, you need to make sure that you are not using any other firewall as there might be some conflicts. If you are not using a firewall on your server at the moment, then you could follow these steps here:

      First install the CSF dependencies:

      apt-get install libwww-perl liblwp-protocol-https-perl libgd-graph-perl

      Go to your src folder:

      cd /usr/src

      Make sure that there are no old csf archives there:

      rm -fv csf.tgz

      Then download the CSF files:

      wget https://download.configserver.com/csf.tgz

      Extract the tar files:

      tar -xzf csf.tgz

      Go to the CSF folder:

      cd csf

      Run the CSF install script:

      sh install.sh

      Next, test whether you have the required iptables modules:

      perl /usr/local/csf/bin/csftest.pl

      As long as you don’t get a fatal error then the script should run fine.

      That is pretty much it, then you could disable the testing mode in CSF, in your /etc/csf/csf.conf file change this line:

      TESTING = "0"

      To:

      TESTING = "1"

      This would enable the firewall, you just need to give it a quick restart:

      csf -r

      This is pretty much it. Then again in your csf.conf file you could block specific IPs by adding them to CC_DENY = "" list. Each option is a comma separated list of CC’s, e.g. “US,GB,DE”.

      Hope that this helps!
      Regards,
      Bobby

      Report
Have another answer? Share your knowledge.

You can type !ref in this text area to quickly search our full set of tutorials, documentation & marketplace offerings and insert the link!

Related