Forum: NGINX cookie and source IP logic in server block

Announcement (2017-05-07): is now read-only since I unfortunately do not have the time to support and maintain the forum any more. Please see and for other Rails- und Ruby-related community platforms.
sfrazer (Guest)
on 2013-10-15 00:17
(Received via mailing list)

I'm trying to block certain IP ranges at my nginx server, but would like
offer the ability to bypass the block by completing a back-end CAPTCHA,
which would set a cookie.

Currently I set the block like so:

geo $remote_addr $blocked {
default 0;
include /etc/nginx/conf/nginx-blocked-ips.conf;


recursive_error_pages on;
error_page 429 = @banned;
if ($blocked = 1) {
return 429;

location @banned {
set $args "";
rewrite ^ /banned/ ;

Since I can't nest "if" statements and I can't make a compound check
"&&" or "||" or something similar, how can I check both the blocked
and look to see if a cookie is set?

Posted at Nginx Forum:,243687,243687#msg-243687
Francis Daly (Guest)
on 2013-10-15 00:35
(Received via mailing list)
On Mon, Oct 14, 2013 at 06:16:14PM -0400, sfrazer wrote:

Hi there,

untested, but...

> geo $remote_addr $blocked {
> default 0;
> include /etc/nginx/conf/nginx-blocked-ips.conf;
> }

  map $blocked$cookie_whatever $reallyblocked {
    default 0;
    1 1;

If it is blocked by geo, and has no cookie_whatever, then $reallyblocked
is 1. If it has any value for cookie_whatever, or $blocked is not 1,
then $reallyblocked is 0.

Francis Daly
sfrazer (Guest)
on 2013-10-15 22:40
(Received via mailing list)
Thanks! I wasn't aware you could combine variables like that in a map
statement. handy.

Posted at Nginx Forum:,243687,243736#msg-243736
This topic is locked and can not be replied to.