Block a website in specific countries using Nginx
Learn how to block a website in a country or specific countries using Nginx.
Introduction
In this article, I will show you how we can block our website or web app in specific countries or a country. This article assumes that the website is being served behind an Nginx reverse proxy running on an Ubuntu instance.
This demo is based on the below versions.
- OS: Ubuntu 22.04.1 LTS
- Nginx: nginx/1.18.0 (Ubuntu)
Pre-requisites
- Nginx
- Free GeoLite2 account — https://dev.maxmind.com/geoip/geolite2-free-geolocation-data
Steps to follow
1. Install Nginx & GeoIP2 module
Start with installing Nginx & GeoIP2 module on the Ubuntu server.
sudo apt-get install nginx libnginx-mod-http-geoip2Run nginx -V command & check if you see the below text in the output.
--add-dynamic-module=/build/nginx-d8gVax/nginx-1.18.0/debian/modules/http-geoip22. Create a free account on MaxMind page.
Now create an account on MaxMind website to access GeoLite2 database files.
3. Download the GeoLite2-Country.mmdb file & copy it to your Ubuntu server.
Once you sign up, you should be able to download the GeoLite2 database files. Download the GeoLite2-Country.mmdb file & copy it to an easily accessible location on the server. I put my database file under /opt.
Optional — You can also download
GeoLite2-Country.mmdbfile if you want to block your website in a specific city.
mv GeoLite2-Country.mmdb /opt4. Edit the Nginx configuration file.
Now edit the /etc/nginx/nginx.conf file & add the below snippet under http block. Note that I have put IN no because I want to test geo-blocking in India. Put any country code that you want to block.
nomeans you are blocking that country.
http {
geoip2 /opt/GeoLite2-Country.mmdb{
$geoip2_data_country_iso_code country iso_code;
}
map $geoip2_data_country_iso_code $allowed_country {
default yes;
IN no;
}5. Edit your Nginx website configuration file.
After enabling GeoLite2 in Nginx main configuration, it’s time to configure your actual website configuration so that whenever a visitor tries to load your website from the blocked country, the 444 status code is returned instead of the web-page.
This configuration file can be inside
/etc/nginx/conf.dor/etc/nginx-sites-enableddirectory.
Add the below snippet to your website configuration file right after listen segment in server block.
if ($allowed_country = no) {
return 444;
}Below is how it looks on my server. I am using the default configuration, so my file is /etc/nginx/sites-enabled/default.
server {
listen 80 default_server;
listen [::]:80 default_server;
if ($allowed_country = no) {
return 444;
}6. Restart Nginx.
It’s always better to test your Nginx configuration by using sudo nginx -t command before restarting the service.
ubuntu@shashank-server:~$ sudo nginx -t
nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successfulsudo systemctl restart nginx.service7. Try opening your website.
Now open your website in the browser. It should display an error message similar to the one below.
This site can’t be reached
<server> refused to connect.
Try:
Checking the connection
Checking the proxy and the firewall
ERR_CONNECTION_REFUSEDAnd that’s it. Using the steps above, you should be able to block your website in specific countries (or cities if you want). I hope you liked this post. Please follow me for more such articles.
