Welcome! Log In Create A New Profile

Advanced

Re: Country / CIDR banning

Previous Message Next Message
Forum List Message List New Topic Print View
Igor Sysoev
August 03, 2009 01:13AM
On Mon, Aug 03, 2009 at 09:58:39AM +0800, Shri @ DevLib.Org wrote:

> We've been getting an extraordinary amount of spam from a few IP ranges (hosting proxies) and countries (Nigeria for example) on our classifieds section.
>
> Mod Geo_IP
> =============
> http {
> geoip_country /usr/local/share/max/GeoIP.dat;
> ......
> =============
> and the result would be in $geoip_country_code
>
> How would I ban based on this result ... for the whole server?
>
> Banning by CIDR
> In Apache a simple Deny from CIDR would work in the Directory / section.
>
> How can I do this in Nginx?

For small number of CIDR it's better to use deny/allow:
http://wiki.nginx.org/NginxHttpAccessModule

For large number (> 20-50) it's better to use
http://wiki.nginx.org/NginxHttpGeoModule

geo $forbidden) {
default 0;
192.168.1.0/24 1;
192.168.5.0/24 1;
...
}

if ($forbidden) {
return 403;
}

As to countries' CIDR, you may get them from GeoIP.dat using
contrib/geo2nginx.pl
This is better then testing $geoip_country_code.


--
Igor Sysoev
http://sysoev.ru/en/
Reply Quote
RSS
Subject Author Posted

Country / CIDR banning

Shri @ DevLib.Org August 02, 2009 09:58PM

Re: Country / CIDR banning

Jim Ohlstein August 02, 2009 10:58PM

Re: Country / CIDR banning

Igor Sysoev August 03, 2009 01:13AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 155
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready