How to block visiotrs by country without using GEoIP module

Question

Hello! recently I installed the GeoIp module and followed the tutorial provided in this link https://www.howtoforge.com/nginx-how-to-block-visitors-by-country-with-the-geoip-module-debian-ubuntu but it seems the GeoIp module is not able to block the visitors from a particular country.

For instance, I wanted to block the visitors from Japan, I tried using proxy for Japan and I could still access my site. Not only that, my analytics report shows some users from Japan. So I am definitely sure the GeopIp is not doing the work.

I want to known if there are other ways to block visitors by country, any other NGinx modules or settings.

Any help will be grateful!

Thank you

Answer 1

bobbyiliev August 8, 2019

Hello,

Usually you should be able to do that with GeoIP, but if it does not work you could try using CSF and block specific countries by adding the country code in the CCDENY list in CSF.

Another method would be to use CloudFlare and block the traffic through there. The good thing of doing this is that the traffic would be filtered even before it reaches your server.

Hope that this helps!
Regards,
Bobby

Reply Report

NewCustomer August 8, 2019

Any tutorial link for setting up CSF in Ubuntu?

In cloudfare it seems the feature for blocking a country is available only in Enterprise plan not in any plan lower than that.

[edited] I just found some ways to block country using cloudfare. I think I’ll give that a try first.

I read that GeoIp database will no longer be updated and GeoIp2 is now a preferred module, but I could not find any tutorial on how to upgrade from GeoIp to GeoIp2.

Thank for the reply.
Reply Report
- bobbyiliev August 9, 2019
  
  Hello,
  
  Regarding CSF, you need to make sure that you are not using any other firewall as there might be some conflicts. If you are not using a firewall on your server at the moment, then you could follow these steps here:
  
  First install the CSF dependencies:
  
  apt-get install libwww-perl liblwp-protocol-https-perl libgd-graph-perl
  
  Go to your src folder:
  
  cd /usr/src
  
  Make sure that there are no old csf archives there:
  
  rm -fv csf.tgz
  
  Then download the CSF files:
  
  wget https://download.configserver.com/csf.tgz
  
  Extract the tar files:
  
  tar -xzf csf.tgz
  
  Go to the CSF folder:
  
  cd csf
  
  Run the CSF install script:
  
  sh install.sh
  
  Next, test whether you have the required iptables modules:
  
  perl /usr/local/csf/bin/csftest.pl
  
  As long as you don’t get a fatal error then the script should run fine.
  
  That is pretty much it, then you could disable the testing mode in CSF, in your /etc/csf/csf.conf file change this line:
  
  TESTING = "0"
  
  To:
  
  TESTING = "1"
  
  This would enable the firewall, you just need to give it a quick restart:
  
  csf -r
  
  This is pretty much it. Then again in your csf.conf file you could block specific IPs by adding them to CC_DENY = "" list. Each option is a comma separated list of CC’s, e.g. “US,GB,DE”.
  
  Hope that this helps!
  Regards,
  Bobby
  
  Reply Report

Answer 2

NewCustomer August 8, 2019

Any tutorial link for setting up CSF in Ubuntu?

In cloudfare it seems the feature for blocking a country is available only in Enterprise plan not in any plan lower than that.

[edited] I just found some ways to block country using cloudfare. I think I’ll give that a try first.

I read that GeoIp database will no longer be updated and GeoIp2 is now a preferred module, but I could not find any tutorial on how to upgrade from GeoIp to GeoIp2.

Thank for the reply.
Reply Report
- bobbyiliev August 9, 2019
  
  Hello,
  
  Regarding CSF, you need to make sure that you are not using any other firewall as there might be some conflicts. If you are not using a firewall on your server at the moment, then you could follow these steps here:
  
  First install the CSF dependencies:
  
  apt-get install libwww-perl liblwp-protocol-https-perl libgd-graph-perl
  
  Go to your src folder:
  
  cd /usr/src
  
  Make sure that there are no old csf archives there:
  
  rm -fv csf.tgz
  
  Then download the CSF files:
  
  wget https://download.configserver.com/csf.tgz
  
  Extract the tar files:
  
  tar -xzf csf.tgz
  
  Go to the CSF folder:
  
  cd csf
  
  Run the CSF install script:
  
  sh install.sh
  
  Next, test whether you have the required iptables modules:
  
  perl /usr/local/csf/bin/csftest.pl
  
  As long as you don’t get a fatal error then the script should run fine.
  
  That is pretty much it, then you could disable the testing mode in CSF, in your /etc/csf/csf.conf file change this line:
  
  TESTING = "0"
  
  To:
  
  TESTING = "1"
  
  This would enable the firewall, you just need to give it a quick restart:
  
  csf -r
  
  This is pretty much it. Then again in your csf.conf file you could block specific IPs by adding them to CC_DENY = "" list. Each option is a comma separated list of CC’s, e.g. “US,GB,DE”.
  
  Hope that this helps!
  Regards,
  Bobby
  
  Reply Report

Related

Question

How to block visiotrs by country without using GEoIP module

Related

Leave a comment

Looking for something else?

Sign up for our newsletter

Related

Question

How to block visiotrs by country without using GEoIP module

Related

Leave a comment

Related

question

What is the virtual host configuration for a ZF3 application with nginx?

question

It has been 3 days and my domain is still not active

question

After applying cloud firewall my site is not working!!

question

WHat does 'thr'mean in htop

Looking for something else?