Nginx geoipblocking & allowing LAN IPs
Solution 1
I found a solution - no idea if it's 'clean'. Just overwrite the $allowed_country variable if a lan IP condition was matched before.
geo $lan-ip {
default no;
192.168.1.0/24 yes;
}
and this block before the "#block countries" part
if ($lan-ip = yes) {
set $allowed_country yes;
}
Solution 2
You could also do the following:
map $geoip_country_code $allowed_country {
default no;
'' yes;
US yes;
}
Although it won't just apply to LAN/private network IP addresses, but to all addresses that aren't handled by your GeoIP database.
Related videos on Youtube
08 : 25
06 : 43
13 : 53
11 : 57
02 : 24
Admin
Updated on September 18, 2022Comments
-
Admin almost 2 years
I'd like to block IPs with geoip except whitelisted countries AND the local area network. The first part works flawless, the second one not. Somwehere searching the internet I found the codes LH (local host) and LN (local network), but they are both not working.
I'm using the standard howto code for the blocking.
The relevant http {} part in nginx.conf:
geoip_country /usr/share/GeoIP/GeoIP.dat; map $geoip_country_code $allowed_country { default no; US yes; }The relevant server {} part in sites-available/default:
block countries if ($allowed_country = no) { return 444; }Any suggestions would be much appreciated!
Update:
$geoip_country_code variable returns "-" on LAN IP access, but adding "- yes;" to the geoip_county block doesn't work either.