Of Stack

The GeoIP module is configured in the Nginx server to intercept the specified country IP

  • 2020-05-10 23:32:07
  • OfStack

Recently, there is a website project demand: need to block domestic party request. I spent some time researching 1. The best approach found so far is to use the GeoIP module of Nginx for locale identification. Then configure the ISO name of the country in question and disable access. Note 1 about the process.

Compile the GeoIP component

The free version of the database provided by maxmind already meets the requirements. Before using the database, you need to compile the GeoIP component: 


wget http://geolite.maxmind.com/download/geoip/api/c/GeoIP-1.4.8.tar.gz
./configure
make
make install

Download IP library

Download the IP packet from maxmind and unzip it. This is the country's ip packet: 


wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gunzip GeoIP.dat.gz

This is the city's ip packet: 


wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCity.dat.gz
gunzip GeoLiteCity.dat.gz

After executing the above command, you get the GeoIP.dat and GeoLiteCity.dat files. Copy these two files to the conf directory of Nginx.

Compile Nginx

nginx does not compile this module by default, it needs to be turned on -- with-http_geoip_module compilation option.

The module relies on the MaxMind GeoIP library.

Configuration Nginx

Next, you need to configure Nginx. First, you need to load the GeoIP packet in the http block in the Nginx configuration file: 


geoip_country GeoIP.dat;
geoip_city GeoLiteCity.dat;

No state visit

Just add the following code to the Nginx configuration of your site: 


if ($geoip_country_code = CN) {
  deny all;
}

The above configuration means that as long as it is a domestic IP, access will be denied.

GeoIP component configuration item reference

Country-related variables in GeoIP: 


$geoip_country_code # English country code of two characters. Such as: CN, US
$geoip_country_code3 #3 English country code for bit characters. Such as: CHN, USA
$geoip_country_name # The full English name of the country. Such as: China, United States

Variables in GeoIP related to sub-regions of the country: 


$geoip_city_country_code # Also the English country code of two characters. 
$geoip_city_country_code3 # On the same 
$geoip_city_country_name # On the same .
$geoip_region # The number tested is a two-digit number, such as the number in hangzhou 02,  Shanghai is  23 . But did not search the relevant information, hope to know the friend message tell it. 
$geoip_city # The English name of the city. Such as: Hangzhou
$geoip_postal_code # The zip code of the city. After testing, the domestic field is empty 
$geoip_city_continent_code # Do not know what use, domestic seem to be AS
$geoip_latitude # latitude 
$geoip_longitude # longitude

Test GeoIP in php

First you need to introduce the GeoIP attribute in fastcgi_params or fastcgi.conf: 


fastcgi_param GEOIP_COUNTRY_CODE $geoip_country_code;
fastcgi_param GEOIP_COUNTRY_CODE3 $geoip_country_code3;
fastcgi_param GEOIP_COUNTRY_NAME $geoip_country_name;
fastcgi_param GEOIP_CITY_COUNTRY_CODE $geoip_city_country_code;
fastcgi_param GEOIP_CITY_COUNTRY_CODE3 $geoip_city_country_code3;
fastcgi_param GEOIP_CITY_COUNTRY_NAME $geoip_city_country_name;
fastcgi_param GEOIP_REGION $geoip_region;
fastcgi_param GEOIP_CITY $geoip_city;
fastcgi_param GEOIP_POSTAL_CODE $geoip_postal_code;
fastcgi_param GEOIP_CITY_CONTINENT_CODE $geoip_city_continent_code;
fastcgi_param GEOIP_LATITUDE $geoip_latitude;
fastcgi_param GEOIP_LONGITUDE $geoip_longitude;

Then add an php file in the web directory, and the code is as follows: 


<?php
$geoip_country_code = getenv(GEOIP_COUNTRY_CODE);
$geoip_country_code3 = getenv(GEOIP_COUNTRY_CODE3);
$geoip_country_name = getenv(GEOIP_COUNTRY_NAME);

$geoip_city_country_code = getenv(GEOIP_CITY_COUNTRY_CODE);
$geoip_city_country_code3 = getenv(GEOIP_CITY_COUNTRY_CODE3);
$geoip_city_country_name = getenv(GEOIP_CITY_COUNTRY_NAME);
$geoip_region = getenv(GEOIP_REGION);
$geoip_city = getenv(GEOIP_CITY);
$geoip_postal_code = getenv(GEOIP_POSTAL_CODE);
$geoip_city_continent_code = getenv(GEOIP_CITY_CONTINENT_CODE);
$geoip_latitude = getenv(GEOIP_LATITUDE);
$geoip_longitude = getenv(GEOIP_LONGITUDE);

echo 'country_code: '.$geoip_country_code.'<br />';
echo 'country_code3: '.$geoip_country_code3.'<br />';
echo 'country_name: '.$geoip_country_name.'<br />';

echo 'city_country_code: '.$geoip_city_country_code.'<br />';
echo 'city_country_code3: '.$geoip_city_country_code3.'<br />';
echo 'city_country_name: '.$geoip_city_country_name.'<br />';
echo 'region: '.$geoip_region.'<br />';
echo 'city: '.$geoip_city.'<br />';
echo 'postal_code: '.$geoip_postal_code.'<br />';
echo 'city_continent_code: '.$geoip_city_continent_code.'<br />';
echo 'latitude: '.$geoip_latitude.'<br />';
echo 'longitude: '.$geoip_longitude.'<br />';

Access the php file and it will show you the geographic information of your current IP location.

php also provides the GeoIP module, which requires manual compilation. You also need to load the GeoIP library. It is still not as efficient as Nginx.

Summary of common instructions
1.geoip_country database;
Default:   --
Context:   http
Specify the database to get its country of origin based on the client IP address. When using this database, the following variables are available in the configuration:

(1) $geoip_country_code
Double character country code, such as "RU", "US".
(2) $geoip_country_code3
3 character country code, such as "RUS", "USA".
(3) $geoip_country_name
Country names, such as "Russian Federation", "United States".

2.geoip_city database;
Default:   --
Context:   http
Specify the database that will be used to get the country, region, and city of the client based on the IP address. When using this database, the following variables are available in the configuration:
(1) $geoip_city_country_code
Double character country code, such as "RU", "US".
(2) $geoip_city_country_code3
3 character country code, such as "RUS", "USA".
(3) $geoip_city_country_name
Country names, such as "Russian Federation", "United States".
(4) $geoip_region
The name of a national administrative region (a district, a direct jurisdiction, a state, a province, a federal jurisdiction, etc.), as "Moscow City", "DC".
(5) $geoip_city
City names, such as "Moscow", "Washington".
(6) $geoip_postal_code
Zip code.

3.geoip_proxy address | CIDR;
Default:   --
Context:   http
This directive appears in versions 1.3.0 and 1.2.1.
Define a trusted address. If the request comes from a trusted address, nginx will use its "X-Forwarded-For" header to get the address.

4.geoip_proxy_recursive on | off;
Default:  
geoip_proxy_recursive off;
Context:   http

Related articles: