NGINX GeoIP2 blocking countries and implementing custom 403 page

Question

This is driving me mad, hopefully someone can help. I have the following warning: But the 403 page is not friendly to blocked countries , I want to redirect people who are blocked to a custom 403 page.

map $geoip2_data_country_code $allowed_country {

    default no;
    AU yes;
    CA yes;
    GB yes;
    NZ yes;
    US yes;
}

server {



location / {

    if ($allowed_country = no) {

     return 403;

}
     index                               index.php index.html;

     try_files                           $uri $uri/ /index.php?$args;

}
}

My custom file lives in /var/www/sitename/403/index.html . I have tried numerous suggestions but non have worked:(

Answer 1

Try this changes to your configuration:

server {
    ...
    error_page 403 /403/;

    location /403/ {
        internal;
        root /var/www/sitename;
    }

    location / {
        if ($allowed_country = no) {
            return 403;
        }
        ...
    }
}

Answer 2

Here is my Full Configuration of the vhost file.

##################################
# WORDPRESS NGINX CONFIGURATIONS
##################################

map $geoip2_data_country_code $allowed_country {
    default no;
    AU yes;
    CA yes;
    GB yes;
    NZ yes;
    US yes;
}

server {

root /var/www/example;
server_name www.example.com example.com;
access_log /var/log/nginx/wp_client_access.log;
error_log /var/log/nginx/wp_client_error.log;

   if ($allowed_country = no) {
       return 403;
   }


location / {
    index                               index.php index.html;
    try_files                           $uri $uri/ /index.php?$args;
}

# Specify a charset
        charset                         utf-8;
# GZIP
        gzip                            on;
        gzip_disable                    "msie6";
        gzip_vary                       on;
        gzip_proxied                    any;
        gzip_comp_level                 6;
        gzip_buffers                    16 8k;
        gzip_http_version               1.1;
        gzip_types application/javascript application/rss+xml application/vnd.ms-fontobject application/x-font application/x-font-opentype application/x-font-otf application/x-font-truetype application/x-font-ttf application/x-javascript application/xhtml+xml application/xml font/opentype font/otf font/ttf image/svg+xml image/x-icon text/css text/javascript text/plain text/xml;

# Add trailing slash to */wp-admin requests.
        rewrite /wp-admin$ $scheme://$host$uri/ permanent;

# Prevents hidden files (beginning with a period) from being served
location ~ /\. {
        access_log                      off;
        log_not_found                   off;
        deny                            all;
}

###########
# SEND EXPIRES HEADERS AND TURN OFF 404 LOGGING
###########

        location ~* ^.+.(xml|ogg|ogv|svg|svgz|eot|otf|woff|mp4|ttf|css|rss|atom|js|jpg|jpeg|gif|png|ico|zip|tgz|gz|rar|bz2|doc|xls|exe|ppt|tar|mid|midi|wav|bmp|rtf)$ {
        access_log                      off;
        log_not_found                   off;
        expires                         max;
}

# Pass all .php files onto a php-fpm or php-cgi server
location ~ \.php$ {
        try_files                       $uri =404;
        include                         /etc/nginx/fastcgi_params;
        fastcgi_read_timeout            3600s;
        fastcgi_buffer_size             128k;
        fastcgi_buffers                 4 128k;
        fastcgi_param                   SCRIPT_FILENAME $document_root$fastcgi_script_name;
        fastcgi_pass                    unix:/run/php/php7.3-fpm.sock;
        #fastcgi_pass                    unix:/run/php/php7.2-fpm.sock;
        #fastcgi_pass                   unix:/run/php/php7.0-fpm.sock;
        fastcgi_index                   index.php;
}

# ROBOTS

         location = /robots.txt {
               allow all;
               log_not_found off;
               access_log off;
        }

#rewrite rules for AIOSEOP XML Sitemap v3.1
rewrite ^/sitemap.xml$ /index.php?aiosp_sitemap_path=root last;
rewrite ^/sitemap.xml.gz$ /index.php?aiosp_sitemap_path=root last;
rewrite ^/(.+)-sitemap.xml$ /index.php?aiosp_sitemap_path=$1 last;
rewrite ^/(.+)-sitemap.xml.gz$ /index.php?aiosp_sitemap_path=$1 last;
rewrite ^/(.+)-sitemap(\d+).xml$ /index.php?aiosp_sitemap_path=$1&aiosp_sitemap_page=$2 last;
rewrite ^/(.+)-sitemap(\d+).xml.gz$ /index.php?aiosp_sitemap_path=$1&aiosp_sitemap_page=$2 last;

# RESTRICTIONS
location ~* /(?:uploads|files)/.*\.php$ {
 deny all;
}


    listen 443 ssl; # managed by Certbot
    ssl_certificate /etc/letsencrypt/live/guidinglightpsychics.com.au-0002/fullchain.pem; # managed by Certbot
    ssl_certificate_key /etc/letsencrypt/live/guidinglightpsychics.com.au-0002/privkey.pem; # managed by Certbot
    include /etc/letsencrypt/options-ssl-nginx.conf; # managed by Certbot
    ssl_dhparam /etc/letsencrypt/ssl-dhparams.pem; # managed by Certbot

}


server {
    if ($host = www.example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot

    if ($host = example.com) {
        return 301 https://$host$request_uri;
    } # managed by Certbot


server_name www.example.com example.com;
    listen 80;
    return 404; # managed by Certbot

}