1. Make sure nginx is compiled with --
with-http_geoip_moduleoption. you can cehcking by running the command "nginx -V"If its not compiled, then recompile nginx with the option--with-http_geoip_module along with the existing options.2. Add the below setting in nginx.cong under http header.In this example we enabled access from India only======================
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default no;
IN yes; # Allow India only
}
map $geoip_country_code $allowed_country {
default no;
IN yes; # Allow India only
}
# Below is to exclude ips.. for example exclude google bots
geo $mygeo { # Specify IP ranges to exclude from the deny list
ranges;
default 0;
64.233.160.0-64.233.191.255 1;
66.102.0.0-66.102.15.255 1;
66.249.64.0-66.249.95.255 1;
72.14.192.0-72.14.255.255 1;
74.125.0.0-74.125.255.255 1;
209.85.128.0-209.85.255.255 1;
216.239.32.0-216.239.63.255 1;
70.34.205.74-70.34.205.78 1;
}
geo $mygeo { # Specify IP ranges to exclude from the deny list
ranges;
default 0;
64.233.160.0-64.233.191.255 1;
66.102.0.0-66.102.15.255 1;
66.249.64.0-66.249.95.255 1;
72.14.192.0-72.14.255.255 1;
74.125.0.0-74.125.255.255 1;
209.85.128.0-209.85.255.255 1;
216.239.32.0-216.239.63.255 1;
70.34.205.74-70.34.205.78 1;
}
=======================================
3. Add the below entries in the specific domain vhosts entry
==============================
set $my_var 0;
if ($allowed_country = "no") {
set $my_var P;
}
if ($mygeo = "0") {
set $my_var "${my_var}C";
}
if ($my_var = PC)
{
return 403;
}
if ($allowed_country = "no") {
set $my_var P;
}
if ($mygeo = "0") {
set $my_var "${my_var}C";
}
if ($my_var = PC)
{
return 403;
}
===============================
So, pages will return 403 page if anyone access site from other than the granted locations.
No comments:
Post a Comment