How to protect a website from a visitor from unwanted countries
For Nginx users.
You need Nginx version with geoip_module. There is two way. First and simplest way is install from a repository nginx-extras or nginx-full. Second way is compile from source. I will not scramble your brains; google can do it instead of me. I will tell to configure and use. Please, create dir /usr/local/share/GeoIP/ or where you wish. Then create this simple shell script and run it.
#!/bin/sh
GEOIP_MIRROR="https://geolite.maxmind.com/download/geoip/database"
GEOIPDIR=/usr/local/share/GeoIP/
TMPDIR=
DATABASES="GeoLiteCity GeoLiteCountry/GeoIP asnum/GeoIPASNum GeoIPv6"
if [ -d "${GEOIPDIR}" ]; then
cd $GEOIPDIR
if [ -n "${DATABASES}" ]; then
TMPDIR=$(mktemp -d geoipupdate.XXXXXXXXXX)
echo "Updating GeoIP databases..."
for db in $DATABASES; do
fname=$(basename $db)
wget --no-verbose -t 3 -T 60 "${GEOIP_MIRROR}/${db}.dat.gz" -O "${TMPDIR}/${fname}.dat.gz"
gunzip -fdc "${TMPDIR}/${fname}.dat.gz" > "${TMPDIR}/${fname}.dat"
mv "${TMPDIR}/${fname}.dat" "${GEOIPDIR}/${fname}.dat"
chmod 0644 "${GEOIPDIR}/${fname}.dat"
done
[ -d "${TMPDIR}" ] && rm -rf $TMPDIR
fi
fi
You will have new files GeoIPASNum.dat GeoIP.dat GeoIPv6.dat GeoLiteCity.dat. It would be a good idea to add this script to cron for update database monthly. It is indispensably add to /etc/nginx/nginx.conf these lines:
geoip_country /usr/local/share/GeoIP/GeoIP.dat;
geoip_city /usr/local/share/GeoIP/GeoLiteCity.dat;
#Block rules
map $geoip_country_code $sb_allow {
default yes;
AS no;
RU no;
AF no;
OC no;
A1 no;
AP no;
CN no;
}
I am use and recommend use PHP-FPM vs HHVM, therefore I have added these lines in to virtual site configuration file.
server {
...
if ($sb_allow = no) {
rewrite ^(.*)$ https://blockedtoday.com permanent;
}
...
location ~ ^.+.php(?:/.*)?$
{
...
fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;
...
}
<html> <body> <?php $geoip_country_code = getenv(GEOIP_COUNTRY_CODE); /* $geoip_country_code = $_SERVER['GEOIP_COUNTRY_CODE']; // works as well */ $geoip_country_code3 = getenv(GEOIP_COUNTRY_CODE3); $geoip_country_name = getenv(GEOIP_COUNTRY_NAME); $geoip_city_country_code = getenv(GEOIP_CITY_COUNTRY_CODE); $geoip_city_country_code3 = getenv(GEOIP_CITY_COUNTRY_CODE3); $geoip_city_country_name = getenv(GEOIP_CITY_COUNTRY_NAME); $geoip_region = getenv(GEOIP_REGION); $geoip_city = getenv(GEOIP_CITY); $geoip_postal_code = getenv(GEOIP_POSTAL_CODE); $geoip_city_continent_code = getenv(GEOIP_CITY_CONTINENT_CODE); $geoip_latitude = getenv(GEOIP_LATITUDE); $geoip_longitude = getenv(GEOIP_LONGITUDE); echo 'country_code: '.$geoip_country_code.'<br>'; echo 'country_code3: '.$geoip_country_code3.'<br>'; echo 'country_name: '.$geoip_country_name.'<br>'; echo 'city_country_code: '.$geoip_city_country_code.'<br>'; echo 'city_country_code3: '.$geoip_city_country_code3.'<br>'; echo 'city_country_name: '.$geoip_city_country_name.'<br>'; echo 'region: '.$geoip_region.'<br>'; echo 'city: '.$geoip_city.'<br>'; echo 'postal_code: '.$geoip_postal_code.'<br>'; echo 'city_continent_code: '.$geoip_city_continent_code.'<br>'; echo 'latitude: '.$geoip_latitude.'<br>'; echo 'longitude: '.$geoip_longitude.'<br>'; ?> </body> </html>
In .htaccess add this rules, with list of countries which you want to block.
RewriteEngine On
RewriteBase /
RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(AS|RU|AF|OC|A1|AP|CN)$
RewriteRule ^(.*)$ https://blockedtoday.com [R,L]
More detailed on maxmind.com and Country code list. Thanks for reading.
Leave comments