You can use nginx to either allow or deny certain countries from accessing your site using the GeoIP database which maps IP addresses to the origin country.<\/p>\n
Nginx Installation \u2013 Nginx must already be installed on your server if it is not yet. Please see How to Install Ngin<\/a>x<\/p>\n Nginx must also be compiled with \u2013with-http_geoip_module<\/p>\n To make sure type the following<\/p>\n nginx -V 2>&1|grep –color=always with-http_geoip_module<\/p>\n You should see the returned output contain with-http_geoip_module<\/p>\n If it does not, you will need to change to the source direct copy the entire configuration line and append \u2013with-http_geoip_module to reconfigure<\/p>\n .\/configure –user=nginx –group=nginx –prefix=\/etc\/nginx –sbin-path=\/usr\/sbin\/nginx –conf-path=\/etc\/nginx\/nginx.conf –pid-path=\/var\/run\/nginx.pid –lock-path=\/var\/run\/nginx.lock –error-log-path=\/var\/log\/nginx\/error.log –http-log-path=\/var\/log\/nginx\/access.log –with-http_gzip_static_module –with-http_stub_status_module –with-http_ssl_module –with-pcre –with-file-aio –with-http_realip_module –without-http_scgi_module –without-http_uwsgi_module –with-http_realip_module –with-http_geoip_module<\/p>\n Then<\/p>\n make && make install<\/p>\n Create a new directory for the GeoIP database to go:<\/p>\n mkdir \/usr\/share\/geoip<\/p>\n Change to that directory:<\/p>\n cd \/usr\/share\/geoip<\/p>\n Get the latest GeoIP database, this is the free \u2018lite\u2019 version<\/a>. MaxMind also offers paid versions as well.<\/p>\n wget http:\/\/geolite.maxmind.com\/download\/geoip\/database\/GeoLiteCountry\/GeoIP.dat.gz<\/p>\n Gunzip the database:<\/p>\n gunzip GeoIP.dat.gz<\/p>\n Nginx needs a global configuration and then to be told in each server block to restrict IP access.<\/p>\n nano \/etc\/nginx\/nginx.conf<\/p>\n You will want to insert the following in to the http{} block<\/p>\n geoip_country \/usr\/share\/geoip\/GeoIP.dat; Each country code you want to block would be indicated above. This wont create the actual block it will just create the map. Next you will want to edit the server{} block and add the following<\/p>\n if ($allow_country = no) { You will then save the file and restart nginx<\/p>\n service nginx restart<\/p>\n Now any countries you have set to \u2018no\u2019 will receive a 403 forbidden page. This could be switched to only allow certain countries, by setting the default to no and entering each country with a yes next to it that you wanted to allow.<\/p>\n Jun 13, 2017LinuxAdmin.io<\/p>\nInstall the GeoIP Database<\/h2>\n
Configure Nginx<\/h2>\n
\nmap $geoip_country_code $allow_country {
\ndefault yes;
\nEG no;
\nFR no;
\nFI no;
\n}<\/p>\n
\nreturn 403;
\n}<\/p>\n