Nginx geoipblocking & allowing LAN IPs
Solution 1
I found a solution - no idea if it's 'clean'. Just overwrite the $allowed_country variable if a lan IP condition was matched before.
geo $lan-ip {
default no;
192.168.1.0/24 yes;
}
and this block before the "#block countries" part
if ($lan-ip = yes) {
set $allowed_country yes;
}
Solution 2
You could also do the following:
map $geoip_country_code $allowed_country {
default no;
'' yes;
US yes;
}
Although it won't just apply to LAN/private network IP addresses, but to all addresses that aren't handled by your GeoIP database.
Related videos on Youtube
![Admin](/assets/logo_square_200-5d0d61d6853298bd2a4fe063103715b4daf2819fc21225efa21dfb93e61952ea.png)
Admin
Updated on September 18, 2022Comments
-
Admin almost 2 years
I'd like to block IPs with geoip except whitelisted countries AND the local area network. The first part works flawless, the second one not. Somwehere searching the internet I found the codes LH (local host) and LN (local network), but they are both not working.
I'm using the standard howto code for the blocking.
The relevant http {} part in nginx.conf:
geoip_country /usr/share/GeoIP/GeoIP.dat; map $geoip_country_code $allowed_country { default no; US yes; }
The relevant server {} part in sites-available/default:
block countries if ($allowed_country = no) { return 444; }
Any suggestions would be much appreciated!
Update:
$geoip_country_code variable returns "-" on LAN IP access, but adding "- yes;" to the geoip_county block doesn't work either.