http_geo module#
The module creates variables with values depending on the client IP address.
Example Configuration#
geo $geo {
default 0;
127.0.0.1 2;
192.168.1.0/24 1;
10.1.0.0/16 1;
::1 2;
2001:0db8::/32 1;
}
Directives#
geo#
- Syntax:
geo[$address] $variable { … }- Default:
—
- Context:
http
Describes the dependency of values of the specified variable on the client IP address. By default, the address is taken from the $remote_addr variable, but it can also be taken from another variable, for example:
geo $arg_remote_addr $geo {
...;
}
Note
Since variables are evaluated only when used, the mere existence of even a large number of declared geo variables does not cause any extra costs for request processing.
If the value of a variable does not represent a valid IP address then the “255.255.255.255” address is used.
Addresses are specified either as prefixes in CIDR notation (including individual addresses) or as ranges .
The following special parameters are also supported:
|
deletes the specified network |
|
a value set to the variable if the client address does not match any of the specified addresses. When addresses are specified in CIDR notation, “0.0.0.0/0” and “::/0” can be used instead of default. When default is not specified, the default value will be an empty string |
|
includes a file with addresses and values. There can be several inclusions. |
|
defines trusted addresses. When a request comes from a trusted address, an address from the “X-Forwarded-For” request header field will be used instead. In contrast to the regular addresses, trusted addresses are checked sequentially. |
|
enables recursive address search. If recursive search is disabled then instead of the original client address that matches one of the trusted addresses, the last address sent in “X-Forwarded-For” will be used. If recursive search is enabled then instead of the original client address that matches one of the trusted addresses, the last non-trusted address sent in “X-Forwarded-For” will be used. |
|
indicates that addresses are specified as ranges. This parameter should be the first. To speed up loading of a geo base, addresses should be put in ascending order. |
Example:
geo $country {
default ZZ;
include conf/geo.conf;
delete 127.0.0.0/16;
proxy 192.168.100.0/24;
proxy 2001:0db8::/32;
127.0.0.0/24 US;
127.0.0.1/32 RU;
10.1.0.0/16 RU;
192.168.1.0/24 UK;
}
The conf/geo.conf file could contain the following lines:
10.2.0.0/16 RU;
192.168.2.0/24 RU;
A value of the most specific match is used. For example, for the 127.0.0.1 address the value RU will be chosen, not US.
Sample range description:
geo $country {
ranges;
default ZZ;
127.0.0.0-127.0.0.0 US;
127.0.0.1-127.0.0.1 RU;
127.0.0.2-127.0.0.255 US;
10.1.0.0-10.1.255.255 RU;
192.168.1.0-192.168.1.255 UK;
}