Cookie and source IP logic in server block


I’m trying to block certain IP ranges at my nginx server, but would like
offer the ability to bypass the block by completing a back-end CAPTCHA,
which would set a cookie.

Currently I set the block like so:

geo $remote_addr $blocked {
default 0;
include /etc/nginx/conf/nginx-blocked-ips.conf;

recursive_error_pages on;
error_page 429 = @banned;
if ($blocked = 1) {
return 429;

location @banned {
set $args “”;
rewrite ^ /banned/ ;

Since I can’t nest “if” statements and I can’t make a compound check
“&&” or “||” or something similar, how can I check both the blocked
and look to see if a cookie is set?

Posted at Nginx Forum:,243687,243687#msg-243687

On Mon, Oct 14, 2013 at 06:16:14PM -0400, sfrazer wrote:

Hi there,

untested, but…

geo $remote_addr $blocked {
default 0;
include /etc/nginx/conf/nginx-blocked-ips.conf;

map $blocked$cookie_whatever $reallyblocked {
default 0;
1 1;

If it is blocked by geo, and has no cookie_whatever, then $reallyblocked
is 1. If it has any value for cookie_whatever, or $blocked is not 1,
then $reallyblocked is 0.


Francis D. [email protected]

Thanks! I wasn’t aware you could combine variables like that in a map
statement. handy.

Posted at Nginx Forum:,243687,243736#msg-243736

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs