DEVHIDE
Login Or Sign up

Getting the user country using GeoIP2 in Nginx

1.8k Views Asked by At

I've been pulling my hair trying to get this thing to work properly, but it seems that whatever I do, the X-Country gets the value "US", since that's the country of the last IP address in the X-Forwarded-To header. This is one of Google's load balancers.

I can't seem to find many examples of this being properly configured online either, most of the source code I've found has been for GeoIP v1.

The file /usr/share/GeoIP/GeoLite2-Country.mmdb exists and has been verified to return the correct country for the IP address that I'm testing this with. The Sentry Python SDK also resolves the IP address to Sweden, based on the first IP in the header.

http {
    ...
    geoip2_proxy 130.211.0.0/22;
    geoip2_proxy 35.191.0.0/16;
    geoip2_proxy_recursive off;
    geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
        $geoip2_data_country_code default=SE country iso_code;
        auto_reload 5m;
    }
    ...
}

server {
    ...
    location / {
        ...
        proxy_set_header X-Country $geoip2_data_country_code;
        ...
    }
}

Any ideas?

If I remove all GeoIP2 configuration, this is the state of the Nginx variables:

GET /foobar HTTP/1.1
remote_addr:              130.211.0.x
http_x_forwarded_for:     <my.real.ip>, 130.211.38.x
realip_remote_addr:       130.211.0.x
http_x_real_ip:           -
proxy_add_x_forwarded_for: <my.real.ip>, 130.211.38.x, 130.211.0.x

It seems that no combination of set_real_ip_from, etc. will assign any variable just <my.real.ip> so that I can use it.

EDIT: The following seems to work, but I think it's open to spoofing:

    geoip2_proxy 0.0.0.0/0;
    geoip2_proxy_recursive on;
    geoip2 /usr/share/GeoIP/GeoLite2-Country.mmdb {
        $geoip2_data_country_code default=SE country iso_code;
    }

So it seems that my geoip2_proxy declarations are a problem somehow, but I'm not sure how?

nginx geolocation geoip geoip2
Original Q&A
1

There are 1 best solutions below

0
On

The problem rising because 130.211.38.x does't belongs to 130.211.0.0/22 and recursive search is disabled. You should enable geoip2 recursive search, and add 130.211.38.x IP to geoip2_proxy directive because it actually proxies your request in chain:

geoip2_proxy 130.211.0.0/22;
geoip2_proxy 35.191.0.0/16;
geoip2_proxy 130.211.38.x/32;
geoip2_proxy_recursive on;

or probably expand CIDR, described in geoip2_proxy directive from 130.211.0.0/22 to 130.211.0.0/16 (entire GOOGLE-CLOUD network, as whois says):

geoip2_proxy 130.211.0.0/16;
geoip2_proxy 35.191.0.0/16;
geoip2_proxy_recursive on;

Related Questions in NGINX

Related Questions in GEOLOCATION

Related Questions in GEOIP

Related Questions in GEOIP2

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.