This article explains how to use the GeoIP module to restrict website access by user region in nginx. You need to compile nginx with the –with-http_geoip_module parameter.

1. First, check if nginx was compiled with the GeoIP module
nginx -V
If you see –with-http_geoip_module in the output, it means nginx has already been compiled with the GeoIP module.
2. Next, install the GeoIP database
On Debian/Ubuntu systems, run the following command to install it:
apt-get install geoip-database libgeoip1
CentOS installation method: yum -y install geoip-devel
After installation, the GeoIP database will be located at /usr/share/GeoIP/GeoIP.dat.
This GeoIP.dat is the GeoIP database file. If installed via apt-get, this file may not be the latest. You can download the newest GeoIP database file from http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz .
mv /usr/share/GeoIP/GeoIP.dat /usr/share/GeoIP/GeoIP.dat_bak
cd /usr/share/GeoIP/
wget http://geolite.maxmind.com/download/geoip/database/GeoLiteCountry/GeoIP.dat.gz
gunzip GeoIP.dat.gz
3. Now configure the nginx.conf file
vi /etc/nginx/nginx.conf
Add the following content into the http {} block, and place it before any include statements.
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default yes;
FK no;
FM no;
EH no;
}
The statements above allow users from all regions except FK, FM, and EH.
You can also allow only users from specific regions:
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default no;
FK yes;
FM yes;
EH yes;
}
The statements above deny access to users from all regions except FK, FM, and EH.
The above statements only set an $allowed_country variable. To actually block users from the designated regions, we need to evaluate the $allowed_country variable.
Add the following inside the server {} block:
if ($allowed_country = no) {
return 403;
}
You can also restrict access for a specific URL:
location /special {
if ($allowd_country = no) {
return 403;
}
}
To configure Chinese users to access a different directory in Nginx, add the following configuration in the relevant places:
This way, when an IP from China accesses the site, it automatically serves the intended page from /home/vpsee/cn. There are many other useful applications for Nginx + GeoIP, such as building a simple CDN — automatically directing visits from China to domestic servers, and visits from the US to US-based servers. MaxMind also provides IP information for cities worldwide; you can download city-level IP databases to handle traffic based on different cities.
4. Restart Nginx
/etc/init.d/nginx reload
This way, we have implemented the functionality of restricting access to users from a specific region in Nginx.
Original article: http://www.dnsdizhi.com/post-175.html