Oops, I just noticed I don’t have a Subject. Sorry about that. The firewall 
that we use is really cumbersome when it comes to geo ip blocking in my opinion 
so I decided to do it in nginx. I forgot to mention too that when I put the IP 
address in the server that I don’t want to block I still get the 403. So I 
can’t seem to find a way to allow the 192.168.1.0/24 network while keeping geo 
blocking.

    map $geoip_country_code $country_access {
        "US"    0;
        ‘192.168.1.0/24’ 0;
        default 1;
    }



From: lists
Sent: Friday, April 12, 2019 9:58 PM
To: Nginx
Subject: Re: [no subject]

Perhaps a dumb question, but if all you are going to do is return a 403, why 
not just do this filtering in the firewall by blocking the offending IP space. 
Yeah I know a server should always have some response, but it isn't like you 
would be the first person to just block entire countries. (I don't do this on 
80/443, but I do block most email ports outside the US.) 

The only reason I mention this is Nginx blocking is more CPU intensive than the 
firewall.  On a small VPS, you might notice the difference in loading.


From: softwareinfo...@gmail.com
Sent: April 12, 2019 7:24 PM
To: nginx@nginx.org
Reply-to: nginx@nginx.org
Subject: 

Hi All
I have implemented GEO IP blocking which is working just fine. I have the 
settings you see below. 
 
    map $geoip_country_code $country_access {
        "US"    0;
        default 1;
    }
 
    server {
        if ($country_access = '1') {
            return 403;
        }
 
I notice though that in the logs, the internal IP Addresses are not tagged with 
a country code so internal subnets are getting blocked. Would the correct 
solution be to enter the subnets manually such as this config below? Or is 
there a better solution? Oh by the way, I did try this below and it didn’t 
work. Trying to keep the Geographical blocking but allow some IP ranges. Any 
ideas on how to do this? Any help would be appreciated.
   
    map $geoip_country_code $country_access {
        "US"    0;
        ‘192.168.1.0/24’ 0;
        default 1;
    }
 
 
Regards
SI
 
 

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
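
Added example, not part of the thread or of any poster's configuration: `map` compares its source variable as a string, so a CIDR key is never matched against the client address. One way to keep the country block and exempt the subnet is to classify the address with `geo` and feed both results into a single `map`. The variable name `$internal_net` and the `example.test` server are assumptions; `$geoip_country_code` is assumed to be populated as in the original post.

```nginx
# Added example (not from the thread). Place the geo and map blocks in http {}.

# geo matches the client address ($remote_addr by default) against CIDR
# ranges, which map cannot do.
# $internal_net is a hypothetical variable name chosen for this example.
geo $internal_net {
    default         0;
    192.168.1.0/24  1;    # internal subnet named in the thread
}

# Build one lookup key of the form "<internal flag>:<country code>".
# Internal addresses have no country code, so their key is "1:".
map "$internal_net:$geoip_country_code" $country_access {
    default   1;    # everything else is blocked
    "~^1:"    0;    # internal subnet: allowed whatever the country code is
    "0:US"    0;    # external client geolocated to the US: allowed
}

server {
    listen 80;
    server_name example.test;    # placeholder name

    # Same test as in the original post.
    if ($country_access = 1) {
        return 403;
    }

    location / {
        return 200 "allowed\n";
    }
}
```

Both `geo` and the GeoIP lookup use the connecting address, so behind a reverse proxy or load balancer they see the proxy's address unless the real client address is restored first (for example with the realip module). Check the result with `nginx -t` before reloading.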
