nginx geoip problem

kampung

Hi,
I want to configure my nginx to only allow access from some country.
I follow this tutorial http://www.howtoforge.com/nginx-how-to-block-visitors-by-country-with-the-geoip-module-debian-ubuntu

I use debian 6 with nginx from debian repo.

This is snippet of my /etc/nginx/nginx.conf

`
user www-data;
worker_processes 1;

error_log /var/log/nginx/error.log;
pid /var/run/nginx.pid;

events {
worker_connections 1024;
# multi_accept on;
}

http {

    geoip_country /usr/share/GeoIP/GeoIP.dat;
    map $geoip_country_code $allowed_country {
            default no;
            IT yes;
    }

`
It is still not as expected, i can still access the web from other country (not IT/italia)

Any clue?

bdtech

Apply the rule in your config

if ($allowed_country) {

# e.g. set root path /var/www/html/content/usa
}

Shamli

edit:
you need to add in server block...

if ($allow_visit = no) {
            rewrite ^ http://www.google.com.$geoip_country_code;
        }

or in yours

if ($allowed_country = no) {
            rewrite ^ http://www.google.com.$geoip_country_code;
        }

kampung

@bdtech @Shamli

Thanks, i missed that part (apply the rule in the server block). What a stupid mistake.

Thanks

budingyun

@kampung baru?

tinyray

Hi,

BTW, any know how to nginx load balancing using different upstream domain names.

kampung

@budingyun said: @kampung baru?

???

ErawanArifNugroho

From Indonesia? or baru in this Nginx stuff?

kampung

@ErawanArifNugroho said: From Indonesia? or baru in this Nginx stuff?

Hi, you can see my language by yourself
I'm old user of nginx, but not advanced user. Just for personal blog & small django site.

budingyun

@kampung said: Hi, you can see my language by yourself

I'm old user of nginx, but not advanced user. Just for personal blog & small django site.

I'm just joking. Kampung Baru is common village name in Malaysia. ;p

NanoG6

we are all orang kampung here

Wintereise

Damn Malays and Indonesians <_<

J/k

Bayu

I have a similar question, how do I configure nginx with the following conditions?
Allowed specific country (eg: ID) with geoip module and specific ip range/subnet.

Wintereise

Do exactly what he did, except swap IT with ID. You do need the HTTP GeoIP Module for that though.

Bayu

@Wintereise said: Do exactly what he did, except swap IT with ID. You do need the HTTP GeoIP Module for that though.

I've been doing it a long time ago, but how to add multiple subnets outside of database geoip? I want to allow google bot ip range and some ip address outside ID.

Wintereise

Easiest way would be to edit the GeoIP DB itself, it's a single csv file.

Or, map those ranges to another variable, and then allow the visit to progress if $allow_visit = yes OR $your_variable = yes.

Simple stuff, just read some docs