How to Block Specific Country IPs with Nginx and GeoIP on a VPS
This guide explains how to compile Nginx with the GeoIP module, install MaxMind's GeoIP library and database, configure the system linker, and set up Nginx directives to redirect traffic from selected countries to custom pages on a single VPS.
When you need to block or redirect traffic from a particular country on a VPS that hosts multiple sites, using iptables is inflexible because rules affect all sites on the server. The proper solution is to combine the GeoIP database with a web‑server module such as Apache mod_geoip or Nginx http_geoip_module.
Compile Nginx with the GeoIP module
The default Nginx packages often lack the GeoIP module, so you must download the source and compile it yourself.
# wget http://nginx.org/download/nginx-0.9.6.tar.gz
# tar zxvf nginx-0.9.6.tar.gz
# cd nginx-0.9.6
# ./configure --without-http_empty_gif_module --with-poll_module \
--with-http_stub_status_module --with-http_ssl_module \
--with-http_geoip_module
# make && make install
Install MaxMind’s GeoIP library
MaxMind provides a free binary IP‑to‑country database (GeoIP.dat). To read this file you need the GeoIP C library.
# wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP.tar.gz
# tar -zxvf GeoIP.tar.gz
# cd GeoIP-1.4.6
# ./configure
# make && make install
The library is installed under /usr/local/lib. Add this directory to the dynamic linker configuration so that programs can locate the GeoIP shared library at runtime:
# echo '/usr/local/lib' > /etc/ld.so.conf.d/geoip.conf
# ldconfig
Download the GeoIP database
Obtain the free country database, decompress it, and place it where Nginx can read it.
# wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
# gunzip GeoIP.dat.gz
Configure Nginx
Edit /etc/nginx/nginx.conf to load the database and expose GeoIP variables to FastCGI or other modules. Then use an if block inside a location to serve a different document root for the targeted country (e.g., China).
# vi /etc/nginx/nginx.conf
http {
    ...
    # Load the country database; this defines the $geoip_country_* variables.
    geoip_country /home/vpsee/GeoIP.dat;
    # Pass the lookup results to FastCGI applications.
    fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
    fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
    fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
    ...
    # server blocks must sit inside the http block.
    server {
        ...
        location / {
            root /home/vpsee/www;
            # Requests whose address maps to CN get a different document root.
            if ($geoip_country_code = CN) {
                root /home/vpsee/cn;
            }
            ...
        }
        ...
    }
}
After reloading Nginx, any request whose source address the database maps to China will be served from /home/vpsee/cn. The same technique can be extended to create simple CDN rules, directing visitors from different countries to region‑specific servers, or using MaxMind’s city‑level database for finer‑grained routing.
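The per-site control described above can also be written with map instead of an if inside a location. The following is an added example, not the original article's configuration; the host names site-a.example and site-b.example, the path /home/vpsee/site-b, and the variables $site_a_root and $deny_country are assumptions made for illustration.

```nginx
# Added example (not from the original article). Goes in /etc/nginx/nginx.conf.
# Assumed names: site-a.example, site-b.example, /home/vpsee/site-b,
# $site_a_root, $deny_country.
http {
    # The lookup uses the connecting address ($remote_addr). Behind a
    # reverse proxy or CDN that is the proxy's address, not the visitor's,
    # so every request would resolve to the proxy's country.
    geoip_country /home/vpsee/GeoIP.dat;

    # Document root per country. Addresses missing from the database
    # produce an empty country code and fall through to "default".
    map $geoip_country_code $site_a_root {
        default /home/vpsee/www;
        CN      /home/vpsee/cn;
    }

    # 1 = refuse the request. Add one line per country code to block.
    map $geoip_country_code $deny_country {
        default 0;
        CN      1;
    }

    # Site A: same behaviour as the article's if/root pair, evaluated
    # once per request through the map.
    server {
        listen 80;
        server_name site-a.example;
        root $site_a_root;
    }

    # Site B: hard block. "if" is false for an empty value or "0",
    # so only mapped countries receive the 403.
    server {
        listen 80;
        server_name site-b.example;
        root /home/vpsee/site-b;
        if ($deny_country) {
            return 403;
        }
    }

    # Any other server block that references neither variable is
    # unaffected, which a server-wide iptables rule cannot offer.
}
```

Run nginx -t before reloading to confirm that the binary was built with the GeoIP module and that the database path is readable.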
ITPUB
