It may be a good idea to enable some parts of your application based on a user country. You could do this on an application level:

require 'geoip'

# Controller code...
before_action do
  fail NotAllowed unless Country.allowed?(request.remote_ip)

But why would you want to store non-business logic like this in your app? ;) There's a much better solution: you can use the Nginx GeoIP Module.

To do so, you need to have Nginx compiled with a ngx_http_geoip_module. Run:

nginx -V

to see Nginx details. Look for --with-http_geoip_module. If you have it, you can use the GeoIP database with your Nginx instance.

Install the GeoIp database:

sudo apt-get install geoip-database libgeoip1
# you can also download it from here:

it will be stored in /usr/share/GeoIP/.

Now you need to edit /etc/nginx/nginx.conf file. Put following code in the http section:

geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
  default no;
  PL yes;
  US yes;

We decided to blacklist every country except Poland and USA. Full list of countries and their appropriate codes can be found here. Of course instead of whitelisting you could always blacklist:

geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
  default yes;
  PL no;
  US no;

This code won't block anything. It will just assign a yes/no value to a $geoip_country_code variable. You can then use it in your server block to allow/disallow access to certain parts of your application:

server {
  client_max_body_size 32M;
  keepalive_timeout 5;

  # Some other settings here

  error_page 403 /403.html;

  location /admin {
    if ($allowed_country = no) {
      return 403;

    if (-f $request_filename) {

    if (!-f $request_filename) {
      proxy_pass proxypasstargetsomewhere;