Country-Level Blocking With MaxMind
To block users in selected countries from accessing your websites, we recommend using MaxMind. MaxMind services use IP addresses to identify a user’s country, and you can write rules to block specific countries.
Start by downloading the GeoLite2 Country MaxMind Database in .mmdb
format from MaxMind.
Place the file in a location inside your container, for example /container/application/GeoLite2-Country.mmdb
. Now you’re ready to enable and set up the configuration files.
Configuring MaxMind and Blocking Countries
The exact process differs according to the image that your container is running. Below, this document takes you through the steps for Apache and Nginx.
- Before you begin: Find the ISO codes of relevant countries in this GeoNames table.
- Once you’re done: Test that your country blocking works as intended by visiting your site from a service that lets you imitate traffics from different locations, like ProxySite or Geo Targetly.
Apache
Create a symlink of the MaxMind conf file and load files to the mods-enabled folder:
To block specific countries, add rules to the container’s .htaccess
file. Model them on this example code:
Nginx
Some configuration changes are required in Nginx.
- In
/container/config/nginx/nginx.conf
, load the GeoIP2 module before theevents
block: - Pass the MaxMind database to the GeoIP modul, then map the variables to allow or deny a country, using this code as an example:
- Add an if statement to
/container/config/nginx/sites-available/default
to block requests from denied countries. (444 is a special code in Nginx.) - Reboot the container for your changes to take effect.
Because it takes configuration changes to update your list of allowed or denied countries in Nginx, you’ll need to reboot the container each time.