Reverse Proxy Advanced Topics
[ 96 ]
In our scenario, we are providing a service to Swiss banks. We want the public parts
of the site to be indexed by Google, but are for now still restricting access to Swiss
IPs. We also want a local watchdog service to be able to access the site to ensure
it is still responding properly. We define a variable $exclusions, which will have
the value 0 by default. If any of our criteria are matched, the value will be set to 1 ,
which we will use to control access to the site:
http {
# the path to the GeoIP database
geoip_country /usr/local/etc/geo/GeoIP.dat;
# we define the variable $exclusions and list all IP addresses
# allowed
# access by setting the value to "1"
geo $exclusions {
default 0;
127.0.0.1 1;
216.239.32.0/19 1;
64.233.160.0/19 1;
66.249.80.0/20 1;
72.14.192.0/18 1;
209.85.128.0/17 1;
66.102.0.0/20 1;
74.125.0.0/16 1;
64.18.0.0/20 1;
207.126.144.0/20 1;
173.194.0.0/16 1;
}
server {
# the country code we want to allow is "CH", for Switzerland
if ($geoip_country_code = "CH") {
set $exclusions 1;
}