Mastering Nginx

Reverse Proxy Advanced Topics

[ 96 ]

In our scenario, we are providing a service to Swiss banks. We want the public parts

of the site to be indexed by Google, but are for now still restricting access to Swiss
IPs. We also want a local watchdog service to be able to access the site to ensure

it is still responding properly. We define a variable $exclusions, which will have
the value 0 by default. If any of our criteria are matched, the value will be set to 1 ,

which we will use to control access to the site:

http {

# the path to the GeoIP database

geoip_country /usr/local/etc/geo/GeoIP.dat;

# we define the variable $exclusions and list all IP addresses

# allowed

# access by setting the value to "1"

geo $exclusions {

default 0;

127.0.0.1 1;

216.239.32.0/19 1;

64.233.160.0/19 1;

66.249.80.0/20 1;

72.14.192.0/18 1;

209.85.128.0/17 1;

66.102.0.0/20 1;

74.125.0.0/16 1;

64.18.0.0/20 1;

207.126.144.0/20 1;

173.194.0.0/16 1;

}

server {

# the country code we want to allow is "CH", for Switzerland

if ($geoip_country_code = "CH") {

set $exclusions 1;

}