How to Block Foreign IPs with Nginx and GeoIP2 – Step‑by‑Step Guide
This article explains how to detect and block foreign IP addresses from accessing a website by installing the ngx_http_geoip2 module, upgrading Nginx, configuring GeoIP2 databases, updating the Nginx configuration, and verifying the setup with real traffic tests.
The author noticed many foreign IPs in Nginx access logs and decided to block them using the ngx_http_geoip2 module.
① Install GeoIP2 dependency
# yum install libmaxminddb-devel -y
② Download the ngx_http_geoip2_module
# git clone https://github.com/leev/ngx_http_geoip2_module.git
③ Move the module to a designated path
# mv ngx_http_geoip2_module/ /usr/local/
④ Upgrade Nginx and compile with the module
The existing Nginx version is 1.16, which does not support the module; upgrade to 1.18 or later.
# yum install libmaxminddb-devel -y
# tar -xf nginx-1.18.0.tar.gz
# cd nginx-1.18.0/
# ./configure --with-http_stub_status_module \
--prefix=/usr/local/nginx \
--user=nginx --group=nginx \
--with-http_ssl_module --with-stream \
--add-module=/usr/local/ngx_http_geoip2_module
# make
# cp /usr/local/nginx/sbin/nginx /usr/local/nginx/sbin/nginx1.16 # backup
# cp objs/nginx /usr/local/nginx/sbin/ # replace binary
# pkill nginx
# /usr/local/nginx/sbin/nginx # restart
⑤ Download the latest GeoIP2 database
Create an account on MaxMind, download the GeoLite2 Country GZIP file, and extract it to /usr/share/GeoIP/.
# cd /usr/share/GeoIP/
# ll
# ...
# wget https://.../GeoLite2-Country.mmdb.gz
# gunzip GeoLite2-Country.mmdb.gz
⑥ Configure Nginx
Back up the original configuration and edit /usr/local/nginx/conf/nginx.conf:
# cp /usr/local/nginx/conf/nginx.conf /usr/local/nginx/conf/nginx.conf-bak
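# vim /usr/local/nginx/conf/nginx.conf
Add the following in the http block:
# The path must point to a database that exists in /usr/share/GeoIP/
# (step ⑤ downloads GeoLite2-Country.mmdb).
geoip2 /usr/share/GeoIP/GeoLite2-City.mmdb {
    auto_reload 5m;
    # ISO country code of the client address
    $geoip2_data_country_code country iso_code;
}
# Despite its name, $allowed_country = yes marks a request to be blocked:
# every country (and any address with no database match) maps to yes, CN maps to no.
map $geoip2_data_country_code $allowed_country {
    default yes;
    CN no;
}
Then, inside the desired server block, add the condition:
if ($allowed_country = yes) {
    # return https://www.baidu.com;
    # return /home/japan;
    return 404;
}
⑦ Test the configuration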
Check the syntax and reload Nginx:
# /usr/local/nginx/sbin/nginx -t
# /usr/local/nginx/sbin/nginx -s reload
Access the site from an overseas IP (e.g., Korea) and verify that a 404 Not Found response is returned. The Nginx access log shows the blocked request.
Thus, foreign IP access is successfully blocked using Nginx and the GeoIP2 module.
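To confirm the rule from the access log rather than from a single test request, the following added example (not code from the original article) audits log lines against the policy above. It assumes a custom log_format, shown in the comment and not part of the article's configuration, that appends $geoip2_data_country_code to each line; the sample lines and their country codes are constructed.

```python
import re
from collections import Counter

# Assumed log_format (hypothetical, not from the article):
#   '$remote_addr [$time_local] "$request" $status $geoip2_data_country_code'
LINE = re.compile(
    r'^(?P<ip>\S+) \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<cc>[A-Z]{2}|-)$'
)
ALLOWED = {"CN"}      # countries the map sends to "no" (not blocked)
BLOCK_STATUS = 404    # status returned by the if block

def audit(lines):
    """Classify each log line against the map/if policy; return (counts, findings)."""
    counts, findings = Counter(), []
    for n, raw in enumerate(lines, 1):
        m = LINE.match(raw.strip())
        if not m:
            counts["unparsed"] += 1
            findings.append((n, "unparsed", raw.strip()))
            continue
        cc, status = m["cc"], int(m["status"])
        if cc in ALLOWED:
            counts["allowed"] += 1
        elif status == BLOCK_STATUS:
            # "-" is an empty variable: no database match, caught by the map default
            counts["blocked_unknown" if cc == "-" else "blocked"] += 1
        elif status < 400:
            # served or redirected: e.g. a server block that lacks the if condition
            counts["leak"] += 1
            findings.append((n, "leak", f"{m['ip']} {cc} -> {status}"))
        else:
            counts["other_error"] += 1  # e.g. 400 returned before the if is evaluated
    return counts, findings

# Constructed sample lines (documentation/private addresses, not real traffic)
SAMPLE = [
    '203.0.113.10 [12/Mar/2024:10:00:01 +0800] "GET / HTTP/1.1" 200 CN',
    '198.51.100.7 [12/Mar/2024:10:00:02 +0800] "GET / HTTP/1.1" 404 KR',
    '192.0.2.44 [12/Mar/2024:10:00:03 +0800] "GET /api HTTP/1.1" 200 US',
    '10.0.0.5 [12/Mar/2024:10:00:04 +0800] "GET /health HTTP/1.1" 404 -',
    'garbage line',
]

if __name__ == "__main__":
    counts, findings = audit(SAMPLE)
    print(dict(counts))
    for finding in findings:
        print(finding)
```

A non-zero blocked_unknown count is worth a look: addresses with no database match, such as internal health checks, fall under the map's default and receive the 404 as well.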
Java High-Performance Architecture
