How to grant access to a specific IP address that is blocked by GeoIP[country] in nGinx?

Question

Can't find solution how to solve this. Here is how I blocked an access to the country and at the same time I need to grand access to a specific IP that is from blocked country.

score 8 · Accepted Answer · edited Sep 24 '15 at 14:37

Finally found the solution for this problem.

1) in nginx.conf add

http {

    geoip_country /usr/share/GeoIP/GeoIP.dat;

    map $geoip_country_code $allowed_country {
        default no;
        LV yes; # in my case it is Latvia (allowed country, but all other are not)
    }

    geo $exclusions {

        default 0;

        123.123.123.123 1;  # here comes allowed IP that is in blocked country list

    }

}

2) in your vhost configuration server{} container

if ($allowed_country = yes) {
    set $exclusions 1;
}


if ($exclusions = "0") {
    return 403;
}

The main idea is from HERE

score 3 · Answer 2 · answered Jun 28 '16 at 11:05

In http block

geoip_country /usr/local/share/GeoIP/GeoIP.dat;

map "$geoip_country_code:$remote_addr" $allowed_country {
    default yes;
    "~..:10.11.12.13" yes;
    "~..:11.12.13.14" no;
    "~TR:.*" no;
}

In server block

if ($allowed_country = no) {
    return 403;
}

How to grant access to a specific IP address that is blocked by GeoIP[country] in nGinx?

2 Answers2