I am using --with-http_geoip_module
for identify traffic. There are some pages that I only want certain country to access. Here is configuration:
For http
http{
geoip_country /usr/share/GeoIP/GeoIP.dat; # the country IP database
map $geoip_country_code $allowed_country {
default 0;
US 1;
UK 1;
HK 1;
}
}
The location
directive:
location = /testing {
if ($allowed_country = 0) {
return 301 ;
}
}
The problem is when I using US
/HK
IPs, I get a 404 error. What did I done wrong?
UPDATE
Here is my complete conf
file:
http {
include /etc/nginx/mime.types;
default_type application/octet-stream;
log_format main '$remote_addr - $remote_user [$time_local] "$request" '
'$status $body_bytes_sent "$http_referer" '
'"$http_user_agent" "$http_x_forwarded_for"';
access_log /var/log/nginx/access.log main;
geoip_country /usr/share/GeoIP/GeoIP.dat; # the country IP database
map $geoip_country_code $allowed_country {
default 0;
US 1;
UK 1;
HK 1;
}
sendfile on;
#tcp_nopush on;
#keepalive_timeout 0;
keepalive_timeout 65;
#gzip on;
index index.html index.htm;
# Load modular configuration files from the /etc/nginx/conf.d directory.
# See http://nginx.org/en/docs/ngx_core_module.html#include
# for more information.
include /etc/nginx/conf.d/*.conf;
server {
listen 80 default_server;
server_name localhost;
root /var/www/html;
include /etc/nginx/default.d/*.conf;
location / {
index index.php index.cgi index.pl index.html index.xhtml index.htm index.shtml;
try_files $uri $uri/ /index.php?$args;
}
# redirect server error pages to the static page /40x.html
#
error_page 404 /404.html;
location = /40x.html {
}
# redirect server error pages to the static page /50x.html
#
error_page 500 502 503 504 /50x.html;
location = /50x.html {
}
#ban specifc country
location = /testing {
if ($allowed_country = 0) {
return 301 ;
}
}
location ~ \.php$ {
### SET GEOIP Variables ###
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_split_path_info ^(.+?\.php)(/.*)$;
if (!-f $document_root$fastcgi_script_name) {
return 404;
}
try_files $uri $uri/ /index.php?$args;
fastcgi_pass unix:/run/php-fpm/php-fpm.sock;
fastcgi_index index.php;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
include fastcgi.conf;
include conf/site.conf;
}
}
}
Basically I want only visitor from US
, UK
and HK
access /testing
page.
Let's do it from beginning. As you didn't said what is your OS, all steps below will be separated for both Debian/Ubuntu and CentOS/Fedora/RHEL.
1. CONNECT TO SERVER:
First of all, connect to your server by terminal/console (in linux -
ssh username@server_ip
) or Putty (in windows).2. VERIFY GEOIP MODULE:
As you have already installed NGINX check if it is compiled with the
HttpGeoipModule
:CentOS/Fedora/RHEL and Debian/Ubuntu:
And then try to find
--with-http_geoip_module
. If it exists then you can continue, else it means you have't compiled NGINX withGeoIP Module
.3. INSTALL GEOIP DATABASE:
Debian/Ubuntu:
CentOS/Fedora/RHEL:
It is in EPEL repository, so you should enable it first:
CENTOS 4:
32bit:
64bit:
CENTOS 5:
32bit:
64bit:
CENTOS 6:
32bit:
64bit:
CENTOS 7:
64bit:
Then:
4. Update GeoIP Database
After installing GeoIP Module, the database will be stored in
/usr/share/GeoIP/GeoIP.dat
but it could be outdated. So, let's update:Or, alternatively, you can download manually the database from
http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
, extract on you computer and upload in/usr/share/GeoIP/
asGeoIP.dat
. Don't forget to make a backup of oldGeoIP.dat
if you want to make as here.5. Configuring NGINX with GeoIP
Open
/etc/nginx/nginx.conf
(Ubuntu/Debian) or/etc/nginx/conf/nginx.conf
(CentOS/Fedora/RHEL) and place this insidehttp {}
, before anyinclude
:This doesn't block countries. We only set $allowed_country.
Now, please open your
virtualhost
to configure (/etc/nginx/conf.d/YOURDOMAINHERE.conf
) - place this insideserver {}
:/testing/
is your website path which is accessible from US, UK and HK.6. Restarting NGINX
It was tested on both CentOS and Debian VPS and it is working.
Hope this will help you.