Menu
i tried to block countries nginx.conf with below codes:
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allow_visit {
default yes;
RU no;
}
But im using CLoudFLare /cdn service.so when i block some countries.sometimes i cannot login to my system.Coz cloudflare servers maybe in my block countries.So i should remove cloudflare ips from block country list.But how can i do that?
any advice?
im using ubuntu 14.04 / nginx on my server..
*
and now im under the attack.You guys know, theres cyber war so i should solve this problem fastly.
*
Thanks in advance.
350
CloudFlare allows you to block certain countries from accessing your website at the CloudFlare level. To do so:
This will block the country from all your websites on the CloudFlare level, before any attack even hits your server.
If you require to block it with your Nginx solution rather than CloudFlare's firewall for whatever reason, you can look at enabling "IP Geolocation" under the "Network" tab of the Control Panel. This adds the header "HTTP_CF_IPCOUNTRY" to all requests, and will contain the Country Code (I.e US, UK, RU) in the header.
If you need to block any requests based off certain IPs, or perform the IP lookup yourself. Then you should use the default CloudFlare header that is included with every request that holds the client's IP named "CF-Connecting-IP". For future information, CloudFlare has a good article written here on how they handle their headers.
142
If you are using the free plan (cloudflare), you won't get the visitor IP address, so using geoip_country which matching IP <-> Country is not working.
You should turn on IP Geolocation in CloudFlare, and config nginx to read that country code.
Meanwhile, make sure your origin server only accept connection from CloudFlare IP range.
Details on how to config nginx: http://nginxlibrary.com/using-cloudflare-for-country-blocking/
32
answered Sep 08 '25 16:09
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
