How to redirect/block users by country using NGINX

Nginx is the second most used web server after Apache. As a web administrator you are sometimes faced with the challenge of only authorizing the countries where most of your targeted users reside. Google on itself does not prevent your content from appearing only on specific countries. You can implement geo targeting on google, however this does not prevent your content from appearing on other countries. That said, you should implement geo targeting if your site targets a specific country due to the SEO benefits. Blocking users by country is useful, but use it wisely.

Install nginx:

sudo apt install nginx

In order for nginx to be able to detect country based on IP the following modules should be installed geoip-database   and libgeoip1

On Debian install them like below:

sudo apt install geoip-database libgeoip1

The GeoIP module uses precompiled MaxMind databases to detect client location based on IP address.

The GeoIP module can do three things:

1. Detect Country based on clients IP. geoip_country file;
2. Detect City based on clients IP. geoip_city file;
3. Detect Organization based on clients IP. geoip_org file;

Read more about Nginx GeoIP  Module

Loading GeoIP Module

On Debian 11 after installing nginx the GeoIP module is ussually automatically loaded.

Check if GeoIP is loaded on your system.

sudo cat /etc/nginx/modules-enabled/50-mod-http-geoip.conf

The result should be load_module modules/ngx_http_geoip_module.so;

If the file does not exist you'll have to load the module. To do that edit /etc/nginx/nginx.conf configuration file.

Add the following load_module modules/ngx_http_geoip_module.so; at the beginning to load the module.

load_module modules/ngx_http_geoip_module.so;

Test nginx

After adding or ensuring that GeoIP module is loaded on your nginx. Test nginx with the below command to ensure everything is okay.

sudo nginx -t

Results should look like below:

nginx: the configuration file /etc/nginx/nginx.conf syntax is ok
nginx: configuration file /etc/nginx/nginx.conf test is successful

Blocking/Redirecting users based on Country

Now that we have all that configured we can easily block users based on country. To do that we are required to edit the nginx server configuration file.

On debian 11 the default configuration is located in /etc/nginx/sites-enabled/default

On the configuration file edit it. Use the snippets below to fill your configuration.

NB: Ignore the dots ......... they are just an indication for your other code.

.....

# Detect country based on client IP
geoip_country /usr/share/GeoIP/GeoIP.dat; # load geoip IP data
map $geoip_country_code $allow_directive { 
    default yes;
    KE redirect;
    NG redirect;
    RU no;
    CN no;
}

.......

server {

.........

# Redirect Countries to be redirected
if ($allow_directive = redirect) {
    default_type text/html;
    return 200 "<!DOCTYPE html><h2>Not available in your Country!</h2>\n";
}
# Block blocked countries
if ($allow_directive = no) {
    return 444;
}

......

}

The first chunk of code loads the geo_ip module data. This enables nginx to detect the country of clients based on their IP. If the country is one we want to redirect we set variable allow_directive to redirect . The countries we want to block we set allow_directive to no . The rest of the countries are allowed since the default directive is yes.

NB: The first chuck of code should be written outside server {}.

Conclusion

Redirecting users is useful for countries your business intends to capitalize on in future. However for countries where your business has no intention of venturing into you can just block them all the way.

Depending on your use case the ability to block/redirect users based on IP is usually useful.