Question

How to block visitors by country without using the GeoIP module

Posted August 8, 2019
Nginx, Ubuntu 18.04

Hello! Recently I installed the GeoIP module and followed the tutorial provided in this link https://www.howtoforge.com/nginx-how-to-block-visitors-by-country-with-the-geoip-module-debian-ubuntu but it seems the GeoIP module is not able to block the visitors from a particular country.

For instance, I wanted to block the visitors from Japan. I tried using a proxy for Japan and I could still access my site. Not only that, my analytics report shows some users from Japan. So I am definitely sure that GeoIP is not doing the work.

I want to know if there are other ways to block visitors by country, any other Nginx modules or settings.

Any help would be appreciated!

Thank you

1 answer

Hello,

Usually you should be able to do that with GeoIP, but if it does not work you could try using CSF and block specific countries by adding the country code to the CC_DENY list in CSF.

Another method would be to use Cloudflare and block the traffic through there. The good thing about doing this is that the traffic would be filtered even before it reaches your server.

Hope that this helps!
Regards,
Bobby

  • Any tutorial link for setting up CSF in Ubuntu?

    In Cloudflare it seems the feature for blocking a country is available only in the Enterprise plan, not in any plan lower than that.

    [edited] I just found some ways to block a country using Cloudflare. I think I’ll give that a try first.

    I read that the GeoIP database will no longer be updated and GeoIP2 is now the preferred module, but I could not find any tutorial on how to upgrade from GeoIP to GeoIP2.

    Thanks for the reply.

    • Hello,

      Regarding CSF, you need to make sure that you are not using any other firewall as there might be some conflicts. If you are not using a firewall on your server at the moment, then you could follow these steps here:

      First install the CSF dependencies:

      apt-get install libwww-perl liblwp-protocol-https-perl libgd-graph-perl
      

      Go to your src folder:

      cd /usr/src
      

      Make sure that there are no old csf archives there:

      rm -fv csf.tgz
      

      Then download the CSF files:

      wget https://download.configserver.com/csf.tgz
      

      Extract the tar files:

      tar -xzf csf.tgz
      

      Go to the CSF folder:

      cd csf
      

      Run the CSF install script:

      sh install.sh
      

      Next, test whether you have the required iptables modules:

      perl /usr/local/csf/bin/csftest.pl 
      

      As long as you don’t get a fatal error then the script should run fine.

      That is pretty much it. Then you could disable the testing mode in CSF: in your /etc/csf/csf.conf file, change this line:

      TESTING = "1"
      

      To:

      TESTING = "0"
      

      This would enable the firewall. You just need to give it a quick restart:

      csf -r
      

      This is pretty much it. Then again, in your csf.conf file you could block specific IPs by adding them to the CC_DENY = "" list. Each option is a comma-separated list of CCs, e.g. "US,GB,DE".

      Hope that this helps!
      Regards,
      Bobby
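
The last two csf.conf steps above (leaving testing mode and filling CC_DENY) can be scripted so the edit is validated and reversible. This is an added example, not part of the original posts or of CSF itself: the function names are hypothetical, and it leaves testing mode by setting TESTING to "0".

```bash
#!/bin/sh
# Added example: scripted csf.conf edit with input validation and a backup.
# All function names here are hypothetical helpers, not CSF commands.

# Accept only a comma-separated list of two-letter upper-case country codes,
# so nothing else (quotes, newlines, sed metacharacters) reaches the config.
valid_cc_list() {
    case "$1" in ''|*[!A-Z,]*) return 1 ;; esac
    printf '%s\n' "$1" | LC_ALL=C grep -Eq '^[A-Z]{2}(,[A-Z]{2})*$'
}

# csf_get KEY FILE: print the quoted value of KEY.
csf_get() {
    sed -n -E "s|^$1[[:space:]]*=[[:space:]]*\"([^\"]*)\".*|\\1|p" "$2"
}

# csf_set KEY VALUE FILE: rewrite KEY = "..." in place.
# The pattern is anchored on KEY followed by '=', so setting TESTING does
# not touch TESTING_INTERVAL. Writing back with cat keeps the file's mode.
csf_set() {
    grep -Eq "^$1[[:space:]]*=" "$3" || { echo "no $1 setting in $3" >&2; return 1; }
    sed -E "s|^($1[[:space:]]*=[[:space:]]*)\"[^\"]*\"|\\1\"$2\"|" "$3" > "$3.new" &&
        cat "$3.new" > "$3" && rm -f "$3.new"
}

# csf_block_countries CODES [FILE]: back up the config, set CC_DENY,
# then leave testing mode. Returns 2 on a malformed country list.
csf_block_countries() {
    cc_conf="${2:-/etc/csf/csf.conf}"
    valid_cc_list "$1" || { echo "refusing country list: $1" >&2; return 2; }
    cp -p "$cc_conf" "$cc_conf.bak" || return 1
    csf_set CC_DENY "$1" "$cc_conf" && csf_set TESTING 0 "$cc_conf"
}
```

After `csf_block_countries "JP"` succeeds, reload the firewall with `csf -r` as in the steps above; the previous configuration is kept as csf.conf.bak.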
