Geographic Restrictions via Nginx & MaxmindDB — July 2023

Introduction:

This article explains how we accomplished Geo IP restrictions using maxmindDB withNginx on CentOS. All the tools used in this activity are either open source or freeware. This article is ideal for new maxmindDB which ended support for .dat files. config in the article as screenshots are tested & are fully functional. Great help & insights from Saurabh Bhardwaj.

Note: This is for legacy servers where .dat files are only supported

Prerequisites:

• Nginx shall be complied with — with-http_geoip_module

Step 1:

Login to maxmindDB and go to Download GeoIP Databases (I’d recommend to create account before downloading).

Step 2:

Download .csv format

MaxmindDB Download Page

Step 3:

Most important step is to convert .csv to .dat, as .dat is natively supported on nginx. We used online utility by Miyuru Sankalpa on website: https://www.miyuru.lk/geoiplegacy or download the utility and do it yourself Ref: https://github.com/maxmind/geoip2-csv-converter

python3 ./geolite2legacy.py -i /Users/Rohit/Desktop/GeoLite2-Country-CSV_20230726.zip -f geoname2fips.csv -o /Users/I0518/Desktop/GeoIPCountry.dat

Command on Terminal

Step 4:

Update configuration as shown in screenshot below:

nginx.conf in http block

Step 5:

Add below config to make final exceptions

nginx.conf in server block

Step 6:

Check for correct configuration:

⇒ sudo nginx -t

Reload config on getting positive message

⇒ sudo nginx -s reload

P.S: Feel free to add your ideas on how to accomplish this task.

Reference:

Nginx geoipblocking & allowing LAN IPs

How to grant access to a specific IP address that is blocked by GeoIP[country] in nGinx?