
How to protect a website from a visitor from unwanted countries
For Nginx users.
You need Nginx version with geoip_module. There is two way. First and simplest way is install from a repository nginx-extras or nginx-full. Second way is compile from source. I will not scramble your brains; google can do it instead of me. I will tell to configure and use. Please, create dir /usr/local/share/GeoIP/ or where you wish. Then create this simple shell script and run it.
#!/bin/sh GEOIP_MIRROR="https://geolite.maxmind.com/download/geoip/database" GEOIPDIR=/usr/local/share/GeoIP/ TMPDIR= DATABASES="GeoLiteCity GeoLiteCountry/GeoIP asnum/GeoIPASNum GeoIPv6" if [ -d "${GEOIPDIR}" ]; then cd $GEOIPDIR if [ -n "${DATABASES}" ]; then TMPDIR=$(mktemp -d geoipupdate.XXXXXXXXXX) echo "Updating GeoIP databases..." for db in $DATABASES; do fname=$(basename $db) wget --no-verbose -t 3 -T 60 "${GEOIP_MIRROR}/${db}.dat.gz" -O "${TMPDIR}/${fname}.dat.gz" gunzip -fdc "${TMPDIR}/${fname}.dat.gz" > "${TMPDIR}/${fname}.dat" mv "${TMPDIR}/${fname}.dat" "${GEOIPDIR}/${fname}.dat" chmod 0644 "${GEOIPDIR}/${fname}.dat" done [ -d "${TMPDIR}" ] && rm -rf $TMPDIR fi fi
You will have new files GeoIPASNum.dat GeoIP.dat GeoIPv6.dat GeoLiteCity.dat. It would be a good idea to add this script to cron for update database monthly. It is indispensably add to /etc/nginx/nginx.conf these lines:
geoip_country /usr/local/share/GeoIP/GeoIP.dat; geoip_city /usr/local/share/GeoIP/GeoLiteCity.dat; #Block rules map $geoip_country_code $sb_allow { default yes; AS no; RU no; AF no; OC no; A1 no; AP no; CN no; }
I am use and recommend use PHP-FPM vs HHVM, therefore I have added these lines in to virtual site configuration file.
server { ... if ($sb_allow = no) { rewrite ^(.*)$ https://blockedtoday.com permanent; } ... location ~ ^.+.php(?:/.*)?$ { ... fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code; fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3; fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name; fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code; fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3; fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name; fastcgi_param GEOIP_REGION $geoip_region; fastcgi_param GEOIP_CITY $geoip_city; fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code; fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code; fastcgi_param GEOIP_LATITUDE $geoip_latitude; fastcgi_param GEOIP_LONGITUDE $geoip_longitude; ... }
<html> <body> <?php $geoip_country_code = getenv(GEOIP_COUNTRY_CODE); /* $geoip_country_code = $_SERVER['GEOIP_COUNTRY_CODE']; // works as well */ $geoip_country_code3 = getenv(GEOIP_COUNTRY_CODE3); $geoip_country_name = getenv(GEOIP_COUNTRY_NAME); $geoip_city_country_code = getenv(GEOIP_CITY_COUNTRY_CODE); $geoip_city_country_code3 = getenv(GEOIP_CITY_COUNTRY_CODE3); $geoip_city_country_name = getenv(GEOIP_CITY_COUNTRY_NAME); $geoip_region = getenv(GEOIP_REGION); $geoip_city = getenv(GEOIP_CITY); $geoip_postal_code = getenv(GEOIP_POSTAL_CODE); $geoip_city_continent_code = getenv(GEOIP_CITY_CONTINENT_CODE); $geoip_latitude = getenv(GEOIP_LATITUDE); $geoip_longitude = getenv(GEOIP_LONGITUDE); echo 'country_code: '.$geoip_country_code.'<br>'; echo 'country_code3: '.$geoip_country_code3.'<br>'; echo 'country_name: '.$geoip_country_name.'<br>'; echo 'city_country_code: '.$geoip_city_country_code.'<br>'; echo 'city_country_code3: '.$geoip_city_country_code3.'<br>'; echo 'city_country_name: '.$geoip_city_country_name.'<br>'; echo 'region: '.$geoip_region.'<br>'; echo 'city: '.$geoip_city.'<br>'; echo 'postal_code: '.$geoip_postal_code.'<br>'; echo 'city_continent_code: '.$geoip_city_continent_code.'<br>'; echo 'latitude: '.$geoip_latitude.'<br>'; echo 'longitude: '.$geoip_longitude.'<br>'; ?> </body> </html>
In .htaccess add this rules, with list of countries which you want to block.
RewriteEngine On RewriteBase / RewriteCond %{ENV:GEOIP_COUNTRY_CODE} ^(AS|RU|AF|OC|A1|AP|CN)$ RewriteRule ^(.*)$ https://blockedtoday.com [R,L]
More detailed on maxmind.com and Country code list. Thanks for reading.
Leave comments