NGINX Code snippet: Block Countries

To limit access to users from certain countries you can use Nginx with the GeoIP module.

Install the necessary packages on the system:

Debian/Ubuntu

sudo apt-get install nginx-module-geoip

CentOS

yum install nginx-module-geoip

This next section is outdated and requires your license-key or use of "old" data. You need to change this based on your OS or usage of file.

Update the GeoIP base to the current version:

## Check first this location https://dev.maxmind.com/geoip/updating-databases?lang=en
## mv /usr/share/GeoIP/GeoIP.dat /usr/share/GeoIP/GeoIP.dat_bak
# cd /usr/share/GeoIP/
## Old location that doesn't exist anymore but added for transparency / history
## wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
# gunzip GeoIP.dat.gz

Checking Requirements

With nginx -V, check that the Nginx binary is built with --with-http_geoip_module

Updated to reflect Ukraine whitelisting/Russia blocking.

Create block.map.include in conf

Blacklist example

geoip_country /usr/share/GeoIP/GeoIP.dat;  
map $geoip_country_code $allowed_country {  
    default yes;
    CN no;
    VN no;
    TW no;
    RU no;
}

Whitelist example

geoip_country /usr/share/GeoIP/GeoIP.dat;  
map $geoip_country_code $allowed_country {
    default no;
    SE yes;
    NL yes;
    UA yes;
}

in /etc/nginx/nginx.conf in http add the following

include include/block.map.include;

in the virtual host/server part add:

    if ($allowed_country = no) { return 404; }

Don't forget to test and reload Nginx to apply changes

Similar shinnanigans can be performed with date/time for access on Sundays or not etc.