The options for allow/deny IP address range are too cumbersome to effectively implement needed security. There are more than 23,550 IP address ranges in the USA. With the current syntax limitations, creating a document that uses these ranges to allow only USA IP address is far too difficult.
deny and allow should be syntatically extended to include this syntax:
allow 3.0.0.0 - 3.103.8.36;
allow 3.103.8.38 - 4.17.135.31;
allow 4.17.135.64 - 4.17.142.255;
allow 4.17.143.16 - 4.18.32.71;
allow 4.18.32.80 - 4.18.40.135;
....(next 23550 ranges)...
deny all;
This would make security usable for country specific IP address ranges!
nginx IP address range matching using this syntax is only slightly different from the /8 syntax, since all blocks are consecutive a > and < comparison for each block is all that is required.
Please implement this IP range syntax and bring some sanity to this needed level of security.