I want to block a particular country's visitors from accessing my website www.mainwebsite.com through Nginx and the GeoIP module.
First I tried it on www.test.com. These are the steps I followed on the test website, www.test.com, before trying on www.mainwebsite.com:
1. Installing GeoIP:
   sudo apt update && sudo apt-get install geoip-database
2. Check whether the GeoIP module is installed or not:
   nginx -V 2>&1|grep --color=always with-http_geoip_module
3. Download the GeoIP database:
   sudo mkdir /etc/nginx/GeoIP/
   Placed the GeoIP.dat file in the /etc/nginx/GeoIP/ location.
4. Configure Nginx and the virtual host.
   sudo vi /etc/nginx/nginx.conf
   http{
       ##
       # Basic Settings
       ##
       geoip_country /etc/nginx/GeoIP/GeoIP.dat;
       map $geoip_country_code $allowed_country {
           default yes;
           IN no;
       }
   }
   Save and exit.
5. sudo vi /etc/nginx/site-available/test.com
   Added the map block at the start, outside of server{......}
   map $geoip_country_code $allowed_country {
       default yes;
       IN no;
   }
   After that, inside the server{......} setting, add the IF condition.
   if ($allowed_country = no) {
       return 403;
   }
   Save and exit.
6. Reload and restart nginx
   sudo service nginx reload
   sudo service nginx restart
So www.test.com is directly hosted on the EC2 instance test-server-01 with a public network/IP. Blocking worked, and users were not able to access it from the blocked country.
www.mainwebsite.com is hosted on a classic load balancer, and the EC2 instances are attached to the classic load balancer.
For testing, I created 2 replica servers of the test-server-01 server, created a new load balancer, attached both replica servers behind the load balancer, and pointed www.test.com to the new load balancer. But geo country blocking didn't work, so I added the 2 lines below above the IF condition (the one mentioned in point 5); then blocking worked.
real_ip_header X-Forwarded-For;
set_real_ip_from 0.0.0.0/0;
Now I followed the same steps 1 to 6 for www.mainwebsite.com and made the changes in nginx.conf & /etc/nginx/site-available/mainwebsite.com, but country blocking didn't work.
I have a doubt here: for www.test.com, the contents of /etc/nginx/site-available/test.com and the linked file /etc/nginx/site-enabled/test.com are the same.
But for www.mainwebsite.com, the contents of the files /etc/nginx/site-available/mainwebsite.com and /etc/nginx/site-enabled/mainwebsite.com are not the same.
/etc/nginx/site-enabled/mainwebsite.com has some extra contents like:
Outside of the server{} block:
# Expires map
map $sent_http_content_type $expires {
    default off;
    text/html epoch;
    text/css max;
    application/javascript max;
    ~image/ max;
    application/font-woff max;
}
and inside the server{} block.
server_name www.mainwebsite.com;
rewrite ^/blog/blogs$ https://www.mainwebsite.com/blogs permanent;
rewrite ^/companies https://www.mainwebsite.com.com/company permanent;
rewrite ^/events-2/* https://www.mainwebsite.com/events permanent;
Is this the actual reason why country blocking is not working? Or can there be other reasons? Please help me out.
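
An added example, not part of the original post: the load-balancer setup from the question written as one fragment for the http{} context, with the `0.0.0.0/0` trust setting shown beside a narrower one and a log format that records which address and country nginx resolved for each request. The CIDR `10.0.0.0/16`, the `geo` log name, the log path and `listen 80` are assumptions for illustration.

```nginx
# Added example, not the poster's configuration.
# Fragment for the http{} context; it replaces the geoip_country and map
# lines shown in the question rather than being added next to them.

geoip_country /etc/nginx/GeoIP/GeoIP.dat;

# Country decision, defined once for every virtual host.
map $geoip_country_code $allowed_country {
    default yes;
    IN      no;
}

# Diagnostic log: the address nginx used, the peer that actually connected,
# the raw header, and the resulting decision.
# $realip_remote_addr requires nginx 1.9.7 or later.
log_format geo '$remote_addr peer=$realip_remote_addr '
               'xff="$http_x_forwarded_for" '
               'country=$geoip_country_code allowed=$allowed_country '
               '"$request" $status';

server {
    listen 80;                      # assumption
    server_name www.test.com;

    # Weak: X-Forwarded-For is accepted from any peer, so the header value
    # decides the country whenever the instance is reachable directly.
    # set_real_ip_from 0.0.0.0/0;

    # Narrower: accept the header only from the load balancer's network.
    # With real_ip_recursive off (the default) nginx uses the last address
    # in the header, which is the one the load balancer appended.
    set_real_ip_from 10.0.0.0/16;   # placeholder CIDR (assumption)
    real_ip_header   X-Forwarded-For;

    access_log /var/log/nginx/geo.log geo;   # assumed path

    if ($allowed_country = no) {
        return 403;
    }
}
```

`nginx -t` validates the result before a reload, and `nginx -T` prints the configuration nginx actually loads, which shows whether the map and the IF condition are present in the files it reads.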