'NGINX GeoIP2 blocking countries and implementing custom 403 page
This is driving me mad, hopefully someone can help. I have the following warning: But the 403 page is not friendly to blocked countries
, I want to redirect people who are blocked to a custom 403 page.
map $geoip2_data_country_code $allowed_country {
default no;
AU yes;
CA yes;
GB yes;
NZ yes;
US yes;
}
server {
location / {
if ($allowed_country = no) {
return 403;
}
index index.php index.html;
try_files $uri $uri/ /index.php?$args;
}
}
My custom file lives in /var/www/sitename/403/index.html
. I have tried numerous suggestions but non have worked :(
Solution 1:[1]
Here is my Full Configuration of the vhost file.
##################################
# WORDPRESS NGINX CONFIGURATIONS
##################################
map $geoip2_data_country_code $allowed_country {
default no;
AU yes;
CA yes;
GB yes;
NZ yes;
US yes;
}
server {
root /var/www/example;
server_name www.example.com example.com;
access_log /var/log/nginx/wp_client_access.log;
error_log /var/log/nginx/wp_client_error.log;
if ($allowed_country = no) {
return 403;
}
location / {
index index.php index.html;
try_files $uri $uri/ /index.php?$args;
}
# Specify a charset
charset utf-8;
# GZIP
gzip on;
gzip_disable "msie6";
gzip_vary on;
gzip_proxied any;
gzip_comp_level 6;
gzip_buffers 16 8k;
gzip_http_version 1.1;
gzip_types application/javascript application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;
# Add trailing slash to */wp-admin requests.
rewrite /wp-admin$ $scheme://$host$uri/ permanent;
# Prevents hidden files (beginning with a period) from being served
location ~ /\. {
access_log off;
log_not_found off;
deny all;
}
###########
# SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING
###########
location ~* ^.+.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
access_log off;
log_not_found off;
expires max;
}
# Pass all .php files onto a php-fpm or php-cgi server
location ~ \.php$ {
try_files $uri =404;
include /etc/nginx/fastcgi_params;
fastcgi_read_timeout 3600s;
fastcgi_buffer_size 128k;
fastcgi_buffers 4 128k;
fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
fastcgi_pass unix:/run/php/php7.3-fpm.sock;
#fastcgi_pass unix:/run/php/php7.2-fpm.sock;
#fastcgi_pass unix:/run/php/php7.0-fpm.sock;
fastcgi_index index.php;
}
# ROBOTS
location = /robots.txt {
allow all;
log_not_found off;
access_log off;
}
#rewrite rules for AIOSEOP XML Sitemap v3.1
rewrite ^/sitemap.xml$ /index.php?aiosp_sitemap_path=root last;
rewrite ^/sitemap.xml.gz$ /index.php?aiosp_sitemap_path=root last;
rewrite ^/(.+)-sitemap.xml$ /index.php?aiosp_sitemap_path=$1 last;
rewrite ^/(.+)-sitemap.xml.gz$ /index.php?aiosp_sitemap_path=$1 last;
rewrite ^/(.+)-sitemap(\d+).xml$ /index.php?aiosp_sitemap_path=$1&aiosp_sitemap_page=$2 last;
rewrite ^/(.+)-sitemap(\d+).xml.gz$ /index.php?aiosp_sitemap_path=$1&aiosp_sitemap_page=$2 last;
# RESTRICTIONS
location ~* /(?:uploads|files)/.*\.php$ {
deny all;
}
listen 443 ssl; # managed by Certbot
ssl_certificate /etc/letsencrypt/live/guidinglightpsychics.com.au-0002/fullchain.pem; # managed by Certbot
ssl_certificate_key /etc/letsencrypt/live/guidinglightpsychics.com.au-0002/privkey.pem; # managed by Certbot
include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot
}
server {
if ($host = www.example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
if ($host = example.com) {
return 301 https://$host$request_uri;
} # managed by Certbot
server_name www.example.com example.com;
listen 80;
return 404; # managed by Certbot
}
Solution 2:[2]
Try this changes to your configuration:
server {
...
error_page 403 /403/;
location /403/ {
internal;
root /var/www/sitename;
}
location / {
if ($allowed_country = no) {
return 403;
}
...
}
}
Sources
This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.
Source: Stack Overflow
Solution | Source |
---|---|
Solution 1 | Steven Sinfield |
Solution 2 |