Forum: NGINX GeoIP country blocking - whitelist specific IPs

Posted by Infinitnet (Guest)
on 2012-11-12 21:03
(Received via mailing list)
Hello NGINX users,

I'm facing a little issue with country bans over GeoIP. I'm using the
following code within my server directive:

if ($geoip_country_code ~ (BR|CN|KR|RU) ) {
    return 123;
}

123 returns an error page informing the visitor that his country is
blocked. Now let's say I've got some visitors from Russia, who should
still be able to access my website. How would I achieve this? Of course
something like "allow 1.2.3.4;" doesn't work with the code above. Any
suggestions?

Thanks in advance!

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,232745,232745#msg-232745
Posted by Lasse Laursen (Guest)
on 2012-11-13 12:03
(Received via mailing list)
Hi

We use something similar to this:

geoip_country  /path/to/GeoIP.dat;

geo $allowed_ranges {
    default 0;
    1.2.3.0/24 1;
    10.0.0.0/8 1;
    127.0.0.1 1;
}

map $geoip_country_code $blocked_country {
    default 1;
    A2 0; # Satellite Provider
    O1 0; # Other Country
    AD 1; # Andorra
    AP 1; # Asia/Pacific Region
    AQ 1; # Antarctica
}

if ($blocked_country) {
  set $deny_request 1;
}

if ($allowed_ranges) {
  set $deny_request 0;
}

if ($deny_request) {
  # Do whatever you want to do here ...
}

Hope that it makes sense? :)

L.
Posted by Infinitnet (Guest)
on 2012-11-13 12:21
(Received via mailing list)
Hello,

thanks for your reply! Your solution does indeed make sense and I've
been using something similar before. Just thought there might be
something that wouldn't require rewriting my current syntax, such as:

if ($geoip_country_code ~ (BR|CN|KR|RU) ) {
    if ($remote_addr = (1.2.3.4|1.2.3.5|1.2.3.6) ) {
        break;
    }
    return 123;
}

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,232745,232762#msg-232762
Posted by Infinitnet (Guest)
on 2012-11-13 12:24
(Received via mailing list)
...or some elif function, but you get the idea.

Posted at Nginx Forum: 
http://forum.nginx.org/read.php?2,232745,232764#msg-232764
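
Added example, not part of any post in this thread: the whitelist and the country list folded into one map lookup, so the server block needs only a single "if" and the regex country list from the question is kept. The file paths, server_name and the 403 status are assumptions; the question's own status code can be used in its place.

```nginx
# Added example; paths, server_name and the 403 status are placeholders.
events {}

http {
    geoip_country /path/to/GeoIP.dat;

    # 1 for whitelisted clients, 0 for everyone else.
    # geo matches against $remote_addr unless another variable is named.
    geo $allowed_ranges {
        default    0;
        1.2.3.4    1;
        1.2.3.5    1;
        1.2.3.6    1;
    }

    # The key is "<whitelisted>:<country>", for example "0:RU" or "1:RU".
    # Only non-whitelisted clients from the listed countries match the regex.
    # An empty country code (address not in the database) falls to default.
    map "$allowed_ranges:$geoip_country_code" $deny_request {
        default                  0;
        "~^0:(BR|CN|KR|RU)$"     1;
    }

    server {
        listen 80;
        server_name example.com;

        # One "if" that only returns; no nesting or "else" is needed
        # because the decision is already made in the map above.
        if ($deny_request) {
            return 403;
        }

        location / {
            root /var/www/html;
        }
    }
}
```

Both lookups see the connecting address, so behind a reverse proxy or load balancer they evaluate the proxy's IP unless the real client address is restored first.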