Menu
I am using --with-http_geoip_module for identify traffic. There are some pages that I only want certain country to access. Here is configuration:
For http
http{
geoip_country /usr/share/GeoIP/GeoIP.dat; # the country IP database
map $geoip_country_code $allowed_country {
default 0;
US 1;
UK 1;
HK 1;
}
}
The location directive:
location = /testing {
if ($allowed_country = 0) {
return 301 ;
}
}
The problem is when I using US/HK IPs, I get a 404 error. What did I done wrong?
UPDATE
Here is my complete conf file:
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
geoip_country /usr/share/GeoIP/GeoIP.dat; # the country IP database
map $geoip_country_code $allowed_country {
default 0;
US 1;
UK 1;
HK 1;
}
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
index index.html index.htm;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
server_name localhost;
root /var/www/html;
include /etc/nginx/default.d/*.conf;
location / {
index index.php index.cgi index.pl index.html index.xhtml index.htm index.shtml;
try_files $uri $uri/ /index.php?$args;
}
# redirect server error pages to the static page /40x.html
#
error_page 404 /404.html;
location = /40x.html {
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
#ban specifc country
location = /testing {
if ($allowed_country = 0) {
return 301 ;
}
}
location ~ \.php$ {
### SET GEOIP Variables ###
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
try_files $uri $uri/ /index.php?$args;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi.conf;
include conf/site.conf;
}
}
}
Basically I want only visitor from US, UK and HK access /testing page.
488
Once launched, a website is available worldwide. However, in many cases, it's necessary to control your site access, especially when you want to stop spammers and hackers from particular countries. Fortunately, you can use your WordPress . htaccess file to allow or block visitors from specific countries.
Just log in and go to 'Threat Control', then where it says 'Add custom rule', start typing the full country name and then click it from the dropdown list. Click the big red 'Block' button and you're done! Block any countries you need to and then you'll see them listed in your 'Block list'.
There are several ways to block countries from accessing your website, and all of them involve using IP addresses and ranges to zero in on location. We recommend using a wp security plugin like MalCare or Wordfence, or even a plugin dedicated to geoblocking, like iQ Country Blocker.
Let's do it from beginning. As you didn't said what is your OS, all steps below will be separated for both Debian/Ubuntu and CentOS/Fedora/RHEL.
First of all, connect to your server by terminal/console (in linux - ssh username@server_ip) or Putty (in windows).
As you have already installed NGINX check if it is compiled with the HttpGeoipModule:
CentOS/Fedora/RHEL and Debian/Ubuntu:
nginx -V
And then try to find --with-http_geoip_module. If it exists then you can continue, else it means you have't compiled NGINX with GeoIP Module.
Debian/Ubuntu:
sudo apt-get install geoip-database libgeoip1
CentOS/Fedora/RHEL:
It is in EPEL repository, so you should enable it first:
CENTOS 4:
32bit:
rpm -Uvh http://download.fedoraproject.org/pub/epel/4/i386/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm
64bit:
rpm -Uvh http://download.fedoraproject.org/pub/epel/4/x86_64/epel-release-4-10.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-4.rpm
CENTOS 5:
32bit:
rpm -Uvh http://download.fedoraproject.org/pub/epel/5/i386/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
64bit:
rpm -Uvh http://download.fedoraproject.org/pub/epel/5/x86_64/epel-release-5-4.noarch.rpm
rpm –Uvh http://rpms.famillecollet.com/enterprise/remi-release-5.rpm
CENTOS 6:
32bit:
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/i386/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
64bit:
rpm -Uvh http://download.fedoraproject.org/pub/epel/6/x86_64/epel-release-6-8.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-6.rpm
CENTOS 7:
64bit:
rpm -Uvh http://dl.fedoraproject.org/pub/epel/7/x86_64/e/epel-release-7-5.noarch.rpm
rpm -Uvh http://rpms.famillecollet.com/enterprise/remi-release-7.rpm
Then:
yum install geoip geoip-devel -y
After installing GeoIP Module, the database will be stored in /usr/share/GeoIP/GeoIP.dat but it could be outdated. So, let's update:
mv /usr/share/GeoIP/GeoIP.dat /usr/share/GeoIP/GeoIP.dat_bk
cd /usr/share/GeoIP/
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gunzip GeoIP.dat.gz
Or, alternatively, you can download manually the database from http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz, extract on you computer and upload in /usr/share/GeoIP/ as GeoIP.dat. Don't forget to make a backup of old GeoIP.dat if you want to make as here.
Open /etc/nginx/nginx.conf (Ubuntu/Debian) or /etc/nginx/conf/nginx.conf (CentOS/Fedora/RHEL) and place this inside http {}, before any include:
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default no;
US yes;
UK yes;
HK yes;
}
This doesn't block countries. We only set $allowed_country.
Now, please open your virtualhost to configure (/etc/nginx/conf.d/YOURDOMAINHERE.conf) - place this inside server {}:
location /testing/ {
if ($allowed_country = no) {
return 403;
}
}
/testing/ is your website path which is accessible from US, UK and HK.
/etc/init.d/nginx reload
It was tested on both CentOS and Debian VPS and it is working.
Hope this will help you.
102
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
