Reputation: 3753
I have a reverse proxy nginx to tomcat.
My goal is to ban total access to certain countries and ban POST for all countries except one.
Total access ban for certain countries can be achieved via iptables at kernel level. That is an easy task.
My dilemma is how to ban only POST from all countries except one. The rest of them can see the website (GET), but I don't want them to create accounts or post data.
I could filter by listing all forms that use POST, but there are too many.
Is there any way to filter only POST with nginx?
Thank you
Upvotes: 0
Views: 1156
Reputation: 1902
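    # http context: map the client address to a country code
    geo $ip_country {
        ranges;
        default zz;
        include /usr/local/nginx/conf/ip_country.conf;
    }

    # server or location context: join method and country, e.g. "POSTau"
    set $method_country $request_method$ip_country;
    # reject POST unless it is immediately followed by "au"
    if ($method_country ~ "POST(?!au)") {
        return 405;
    }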
The ip_country.conf format is like:

    0.0.0.0-0.255.255.255 eu;
    1.0.0.0-1.0.0.255 au;
    1.0.1.0-1.0.3.255 cn;
    1.0.4.0-1.0.7.255 au;
    1.0.8.0-1.0.15.255 cn;
    1.0.16.0-1.0.31.255 jp;
    1.0.32.0-1.0.63.255 cn;
    1.0.64.0-1.0.127.255 jp;
    1.0.128.0-1.0.255.255 th;
    1.1.0.0-1.1.0.255 cn;
    ...
And you could use the $ip_country value inside your scripts with:

    fastcgi_param IP_COUNTRY $ip_country;
Upvotes: 1
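
An added example, not part of the answer above and not nginx code: a Python check that replays the answer's rule offline against a range file in the ip_country.conf format, so the policy can be tested before it is deployed. The sample ranges are constructed, the function names are hypothetical, and the ranges are assumed not to overlap.

```python
import bisect
import ipaddress
import re

# Constructed sample in the ip_country.conf format shown in the answer.
SAMPLE_CONF = """\
1.0.0.0-1.0.0.255 au;
1.0.1.0-1.0.3.255 cn;
1.0.4.0-1.0.7.255 au;
1.0.16.0-1.0.31.255 jp;
"""
DEFAULT_COUNTRY = "zz"                 # same fallback as `default zz;`
BLOCK_RE = re.compile(r"POST(?!au)")   # same pattern as the nginx `if`


def parse_ranges(text):
    """Parse 'start-end cc;' lines into a sorted list of (start, end, cc)."""
    ranges = []
    for lineno, line in enumerate(text.splitlines(), 1):
        line = line.split("#", 1)[0].strip()
        if not line:
            continue
        m = re.fullmatch(r"(\S+)-(\S+)\s+(\w+);", line)
        if not m:
            raise ValueError(f"line {lineno}: unrecognised entry {line!r}")
        start = int(ipaddress.IPv4Address(m.group(1)))
        end = int(ipaddress.IPv4Address(m.group(2)))
        if start > end:
            raise ValueError(f"line {lineno}: range start is after its end")
        ranges.append((start, end, m.group(3)))
    return sorted(ranges)


def country_for(ranges, ip):
    """Return the country code for ip, or the default when no range matches."""
    addr = int(ipaddress.IPv4Address(ip))
    # Assumption: ranges do not overlap, so the last start <= addr decides.
    i = bisect.bisect_right(ranges, (addr, float("inf"), "")) - 1
    if i >= 0 and ranges[i][0] <= addr <= ranges[i][1]:
        return ranges[i][2]
    return DEFAULT_COUNTRY


def status_for(ranges, method, ip, ok=200):
    """Mirror the rule: 405 when method + country matches BLOCK_RE."""
    return 405 if BLOCK_RE.search(method + country_for(ranges, ip)) else ok
```

Running it with other methods shows that the rule as written covers POST only: PUT, PATCH and DELETE requests from any country get the normal response, so they need their own handling if the backend accepts them.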