Blocking Foreign IP Access with Nginx Using the ngx_http_geoip2 Module

The author noticed many malicious requests from foreign IPs in the Nginx access log and decided to block them using the ngx_http_geoip2 module.

Install the required library: yum install libmaxminddb-devel -y Download and extract the module: git clone https://github.com/leev/ngx_http_geoip2_module.git then move it to /usr/local/ngx_http_geoip2_module.

Upgrade Nginx to 1.18 (required for the module): download the source, extract it, and compile with the additional module flag:

./configure --with-http_stub_status_module \
    --prefix=/usr/local/nginx \
    --user=nginx --group=nginx \
    --with-http_ssl_module --with-stream \
    --add-module=/usr/local/ngx_http_geoip2_module
make
cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx1.16   # backup
cp objs/nginx /usr/local/nginx/sbin/                     # replace
pkill nginx
/usr/local/nginx/sbin/nginx                               # restart

Verify the new version with /usr/local/nginx/sbin/nginx -V and ensure the module is listed.

Download the GeoIP2 database: create an account on www.maxmind.com, download the GeoLite2-Country GZIP file, and place it in /usr/share/GeoIP/ (e.g., GeoLite2-Country.mmdb).

Configure Nginx: backup nginx.conf, then add the GeoIP2 block in the http section:

geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
    auto_reload 5m;
    $geoip2_data_country_code country iso_code;
}
map $geoip2_data_country_code $allowed_country {
    default yes;
    CN no;
}

In the server location block, add the condition to return 404 for foreign IPs:

if ($allowed_country = yes) {
    return 404;
}

Test the configuration with /usr/local/nginx/sbin/nginx -t and reload Nginx using /usr/local/nginx/sbin/nginx -s reload. Access the site from an overseas IP to confirm that a 404 response is returned and the request appears in the access log.

The guide concludes that using Nginx with the GeoIP2 module effectively blocks foreign IP traffic.