Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
nginx
GitHub Repository: nginx/nginx.org
 Path: blob/main/xml/en/docs/http/ngx_http_geo_module.xml
1 views
1
<?xml version="1.0"?>

2


3
<!--

4
  Copyright (C) Igor Sysoev

5
  Copyright (C) Nginx, Inc.

6
  -->

7


8
<!DOCTYPE module SYSTEM "../../../../dtd/module.dtd">

9


10
<module name="Module ngx_http_geo_module"

11
        link="/en/docs/http/ngx_http_geo_module.html"

12
        lang="en"

13
        rev="6">

14


15
<section id="summary">

16


17
<para>

18
The <literal>ngx_http_geo_module</literal> module creates variables

19
with values depending on the client IP address.

20
</para>

21


22
</section>

23


24


25
<section id="example" name="Example Configuration">

26


27
<para>

28
<example>

29
geo $geo {

30
    default        0;

31


32
    127.0.0.1      2;

33
    192.168.1.0/24 1;

34
    10.1.0.0/16    1;

35


36
    ::1            2;

37
    2001:0db8::/32 1;

38
}

39
</example>

40
</para>

41


42
</section>

43


44


45
<section id="directives" name="Directives">

46


47
<directive name="geo">

48
<syntax block="yes">[<value>$address</value>] <value>$variable</value></syntax>

49
<default/>

50
<context>http</context>

51


52
<para>

53
Describes the dependency of values of the specified variable

54
on the client IP address.

55
By default, the address is taken from the <var>$remote_addr</var> variable,

56
but it can also be taken from another variable (0.7.27), for example:

57
<example>

58
geo $arg_remote_addr $geo {

59
    ...;

60
}

61
</example>

62
</para>

63


64
<para>

65
<note>

66
Since variables are evaluated only when used, the mere existence

67
of even a large number of declared “<literal>geo</literal>” variables

68
does not cause any extra costs for request processing.

69
</note>

70
</para>

71


72
<para>

73
If the value of a variable does not represent a valid IP address

74
then the “<literal>255.255.255.255</literal>” address is used.

75
</para>

76


77
<para>

78
Addresses are specified either as prefixes in CIDR notation

79
(including individual addresses) or as ranges (0.7.23).

80
<note>

81
IPv6 prefixes are supported starting from versions 1.3.10 and 1.2.7.

82
</note>

83
</para>

84


85
<para>

86
The following special parameters are also supported:

87
<list type="tag">

88


89
<tag-name><literal>delete</literal></tag-name>

90
<tag-desc>

91
deletes the specified network (0.7.23).

92
</tag-desc>

93


94
<tag-name><literal>default</literal></tag-name>

95
<tag-desc>

96
a value set to the variable if the client address does not

97
match any of the specified addresses.

98
When addresses are specified in CIDR notation,

99
<literal>0.0.0.0/0</literal>” and “<literal>::/0</literal>

100
can be used instead of <literal>default</literal>.

101
When <literal>default</literal> is not specified, the default

102
value will be an empty string.

103
</tag-desc>

104


105
<tag-name><literal>include</literal></tag-name>

106
<tag-desc>

107
includes a file with addresses and values.

108
There can be several inclusions.

109
</tag-desc>

110


111
<tag-name><literal>proxy</literal></tag-name>

112
<tag-desc>

113
defines trusted addresses (0.8.7, 0.7.63).

114
When a request comes from a trusted address,

115
an address from the <header>X-Forwarded-For</header> request

116
header field will be used instead.

117
In contrast to the regular addresses, trusted addresses are

118
checked sequentially.

119
<note>

120
Trusted IPv6 addresses are supported starting from versions 1.3.0 and 1.2.1.

121
</note>

122
</tag-desc>

123


124
<tag-name><literal>proxy_recursive</literal></tag-name>

125
<tag-desc>

126
enables recursive address search (1.3.0, 1.2.1).

127
If recursive search is disabled then instead of the original client

128
address that matches one of the trusted addresses, the last

129
address sent in <header>X-Forwarded-For</header> will be used.

130
If recursive search is enabled then instead of the original client

131
address that matches one of the trusted addresses, the last

132
non-trusted address sent in <header>X-Forwarded-For</header> will be used.

133
</tag-desc>

134


135
<tag-name><literal>ranges</literal></tag-name>

136
<tag-desc>

137
indicates that addresses are specified as ranges (0.7.23).

138
This parameter should be the first.

139
To speed up loading of a geo base, addresses should be put in ascending order.

140
</tag-desc>

141


142
<tag-name id="volatile"><literal>volatile</literal></tag-name>

143
<tag-desc>

144
indicates that the variable is not cacheable (1.29.3).

145
</tag-desc>

146


147
</list>

148
</para>

149


150
<para>

151
Example:

152
<example>

153
geo $country {

154
    default        ZZ;

155
    include        conf/geo.conf;

156
    delete         127.0.0.0/16;

157
    proxy          192.168.100.0/24;

158
    proxy          2001:0db8::/32;

159


160
    127.0.0.0/24   US;

161
    127.0.0.1/32   RU;

162
    10.1.0.0/16    RU;

163
    192.168.1.0/24 UK;

164
}

165
</example>

166
</para>

167


168
<para>

169
The <path>conf/geo.conf</path> file could contain the following lines:

170
<example>

171
10.2.0.0/16    RU;

172
192.168.2.0/24 RU;

173
</example>

174
</para>

175


176
<para>

177
A value of the most specific match is used.

178
For example, for the 127.0.0.1 address the value “<literal>RU</literal>

179
will be chosen, not “<literal>US</literal>”.

180
</para>

181


182
<para>

183
Example with ranges:

184
<example>

185
geo $country {

186
    ranges;

187
    default                   ZZ;

188
    127.0.0.0-127.0.0.0       US;

189
    127.0.0.1-127.0.0.1       RU;

190
    127.0.0.1-127.0.0.255     US;

191
    10.1.0.0-10.1.255.255     RU;

192
    192.168.1.0-192.168.1.255 UK;

193
}

194
</example>

195
</para>

196


197
</directive>

198


199
</section>

200


201
</module>

202


203