It may be a good idea to enable some parts of your application based on a user country. You could do this on an application level:
require 'geoip'
# Controller code...
before_action do
fail NotAllowed unless Country.allowed?(request.remote_ip)
end
But why would you want to store non-business logic like this in your app? ;) There's a much better solution: you can use the Nginx GeoIP Module.
To do so, you need to have Nginx compiled with a ngx_http_geoip_module. Run:
nginx -V
to see Nginx details. Look for --with-http_geoip_module. If you have it, you can use the GeoIP database with your Nginx instance.
Install the GeoIp database:
sudo apt-get install geoip-database libgeoip1
# you can also download it from here: http://geolite.maxmind.com
it will be stored in /usr/share/GeoIP/.
Now you need to edit /etc/nginx/nginx.conf file. Put following code in the http section:
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default no;
PL yes;
US yes;
We decided to blacklist every country except Poland and USA. Full list of countries and their appropriate codes can be found here. Of course instead of whitelisting you could always blacklist:
geoip_country /usr/share/GeoIP/GeoIP.dat;
map $geoip_country_code $allowed_country {
default yes;
PL no;
US no;
This code won't block anything. It will just assign a yes/no value to a $geoip_country_code variable. You can then use it in your server block to allow/disallow access to certain parts of your application:
server {
server_name www.yourdomain.com;
client_max_body_size 32M;
keepalive_timeout 5;
# Some other settings here
error_page 403 /403.html;
location /admin {
if ($allowed_country = no) {
return 403;
}
if (-f $request_filename) {
break;
}
if (!-f $request_filename) {
proxy_pass proxypasstargetsomewhere;
break;
}
}
}
