Please wait...

How to protect a website from a visitor from unwanted countries

How to protect a website from a visitor from unwanted countries

For Nginx users.

You need Nginx version with geoip_module. There is two way. First and simplest way is install from a repository nginx-extras or nginx-full. Second way is compile from source. I will not scramble your brains; google can do it instead of me. I will tell to configure and use. Please, create dir /usr/local/share/GeoIP/ or where you wish. Then create this simple shell script and run it.

DATABASES="GeoLiteCity GeoLiteCountry/GeoIP asnum/GeoIPASNum GeoIPv6"
if [ -d "${GEOIPDIR}" ]; then
 if [ -n "${DATABASES}" ]; then
 TMPDIR=$(mktemp -d geoipupdate.XXXXXXXXXX)
echo "Updating GeoIP databases..."
 for db in $DATABASES; do
 fname=$(basename $db)
 wget --no-verbose -t 3 -T 60 "${GEOIP_MIRROR}/${db}.dat.gz" -O "${TMPDIR}/${fname}.dat.gz"
 gunzip -fdc "${TMPDIR}/${fname}.dat.gz" > "${TMPDIR}/${fname}.dat"
 mv "${TMPDIR}/${fname}.dat" "${GEOIPDIR}/${fname}.dat"
 chmod 0644 "${GEOIPDIR}/${fname}.dat"
 [ -d "${TMPDIR}" ] && rm -rf $TMPDIR

You will have new files GeoIPASNum.dat GeoIP.dat GeoIPv6.dat GeoLiteCity.dat. It would be a good idea to add this script to cron for update database monthly. It is indispensably add to /etc/nginx/nginx.conf these lines:

geoip_country /usr/local/share/GeoIP/GeoIP.dat;
geoip_city /usr/local/share/GeoIP/GeoLiteCity.dat;

#Block rules
 map $geoip_country_code $sb_allow {
 default yes;
 AS no;
 RU no;
 AF no;
 OC no;
 A1 no;
 AP no;
 CN no;

I am use and recommend use PHP-FPM vs HHVM, therefore I have added these lines in to virtual site configuration file.

server {
 if ($sb_allow = no) {
 rewrite ^(.*)$ permanent;

location ~ ^.+.php(?:/.*)?$
 fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
 fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
 fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
 fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
 fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
 fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
 fastcgi_param GEOIP_REGION $geoip_region;
 fastcgi_param GEOIP_CITY $geoip_city;
 fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
 fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
 fastcgi_param GEOIP_LATITUDE $geoip_latitude;
 fastcgi_param GEOIP_LONGITUDE $geoip_longitude;

$geoip_country_code = getenv(GEOIP_COUNTRY_CODE);
$geoip_country_code = $_SERVER['GEOIP_COUNTRY_CODE']; // works as well
$geoip_country_code3 = getenv(GEOIP_COUNTRY_CODE3);
$geoip_country_name = getenv(GEOIP_COUNTRY_NAME);

$geoip_city_country_code = getenv(GEOIP_CITY_COUNTRY_CODE);
$geoip_city_country_code3 = getenv(GEOIP_CITY_COUNTRY_CODE3);
$geoip_city_country_name = getenv(GEOIP_CITY_COUNTRY_NAME);
$geoip_region = getenv(GEOIP_REGION);
$geoip_city = getenv(GEOIP_CITY);
$geoip_postal_code = getenv(GEOIP_POSTAL_CODE);
$geoip_city_continent_code = getenv(GEOIP_CITY_CONTINENT_CODE);
$geoip_latitude = getenv(GEOIP_LATITUDE);
$geoip_longitude = getenv(GEOIP_LONGITUDE);

echo 'country_code: '.$geoip_country_code.'<br>';
echo 'country_code3: '.$geoip_country_code3.'<br>';
echo 'country_name: '.$geoip_country_name.'<br>';

echo 'city_country_code: '.$geoip_city_country_code.'<br>';
echo 'city_country_code3: '.$geoip_city_country_code3.'<br>';
echo 'city_country_name: '.$geoip_city_country_name.'<br>';
echo 'region: '.$geoip_region.'<br>';
echo 'city: '.$geoip_city.'<br>';
echo 'postal_code: '.$geoip_postal_code.'<br>';
echo 'city_continent_code: '.$geoip_city_continent_code.'<br>';
echo 'latitude: '.$geoip_latitude.'<br>';
echo 'longitude: '.$geoip_longitude.'<br>';


In .htaccess add this rules, with list of countries which you want to block.

RewriteEngine On
 RewriteBase /
 RewriteRule ^(.*)$ [R,L]

More detailed on and Country code list. Thanks for reading.

Leave comments

You must be logged in to post a comment.