Forum: NGINX cookie and source IP logic in server block

sfrazer (Guest)
on 2013-10-15 00:17
(Received via mailing list)

I'm trying to block certain IP ranges at my nginx server, but would like
to offer the ability to bypass the block by completing a back-end CAPTCHA,
which would set a cookie.

Currently I set the block like so:

geo $remote_addr $blocked {
    default 0;
    include /etc/nginx/conf/nginx-blocked-ips.conf;
}

recursive_error_pages on;
error_page 429 = @banned;
if ($blocked = 1) {
    return 429;
}

location @banned {
    set $args "";
    rewrite ^ /banned/ ;
}

Since I can't nest "if" statements and I can't make a compound check
"&&" or "||" or something similar, how can I check both the blocked
and look to see if a cookie is set?

Posted at Nginx Forum:,243687,243687#msg-243687
Francis Daly (Guest)
on 2013-10-15 00:35
(Received via mailing list)
On Mon, Oct 14, 2013 at 06:16:14PM -0400, sfrazer wrote:

Hi there,

untested, but...

> geo $remote_addr $blocked {
> default 0;
> include /etc/nginx/conf/nginx-blocked-ips.conf;
> }

  map $blocked$cookie_whatever $reallyblocked {
    default 0;
    1 1;
  }

If it is blocked by geo, and has no cookie_whatever, then $reallyblocked
is 1. If it has any value for cookie_whatever, or $blocked is not 1,
then $reallyblocked is 0.

Francis Daly
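
Both posts combined into one configuration, as an added example that is not from either poster: it keeps the presence-only map from the reply and places beside it a variant that accepts the cookie only when nginx's secure_link module (built with --with-http_secure_link_module) validates it against the client address and an expiry time. The cookie names captcha_sig and captcha_exp, the variable $reallyblocked_strict, the secret CHANGE_ME and the back end at 127.0.0.1:8080 are assumptions.

```nginx
# Added example, not from the thread. geo and map belong in the http context.
# Assumed names: cookies captcha_sig / captcha_exp, secret CHANGE_ME, back end.
geo $remote_addr $blocked {
    default 0;
    include /etc/nginx/conf/nginx-blocked-ips.conf;
}

# Presence-only check, as in the reply: any non-empty cookie passes.
map $blocked$cookie_captcha_sig $reallyblocked {
    default 0;
    1       1;      # blocked range, no cookie
}

# Verified check: $secure_link is "" (bad hash), "0" (expired) or "1" (valid).
map $blocked:$secure_link $reallyblocked_strict {
    default 0;
    "1:"    1;      # blocked range, cookie missing or hash mismatch
    "1:0"   1;      # blocked range, cookie expired
}

server {
    listen 80;

    # The back end sets captcha_exp to a Unix expiry time and captcha_sig to
    # the unpadded base64url MD5 of the secure_link_md5 string below.
    secure_link     $cookie_captcha_sig,$cookie_captcha_exp;
    secure_link_md5 "$secure_link_expires$remote_addr CHANGE_ME";

    recursive_error_pages on;
    error_page 429 = @banned;

    location / {
        if ($reallyblocked_strict) {
            return 429;
        }
        proxy_pass http://127.0.0.1:8080;
    }

    # CAPTCHA pages stay reachable so a blocked client can obtain the cookie.
    location /banned/ {
        proxy_pass http://127.0.0.1:8080;
    }

    location @banned {
        set $args "";
        rewrite ^ /banned/ ;
    }
}
```

Because $remote_addr is part of the signed string, a cookie issued to one address does not validate when replayed from another.
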
sfrazer (Guest)
on 2013-10-15 22:40
(Received via mailing list)
Thanks! I wasn't aware you could combine variables like that in a map
statement. Handy.

Posted at Nginx Forum:,243687,243736#msg-243736