Published : 11 Jun 2025
I host all my apps on a VPS. One day all my apps suddenly became unavailable. I checked nginx logs and saw that I am getting frequent requests from China and Singapore which is overwhelming the server. My server was getting DDoSed. My app that was getting these requests is about a sport that has no presence in China or Singapore. So the solution for me was straightforward, block all the requests from these countries. Following are the steps I took to achieve this:
Downloaded GeoLite2-Country.mmdb from this github repo. This is a database of IP to country mappings provided by MaxMind.
Moved the downloaded file to /etc/nginx/geoip2 directory.
Added the following in http block of /etc/nginx/nginx.conf.
geoip2 /etc/nginx/geoip2/GeoLite2-Country.mmdb {
auto_reload 5m;
$geoip2_country_code source=$remote_addr country iso_code;
}
if ($geoip2_country_code = CN) {
return 403;
}
if ($geoip2_country_code = SG) {
return 403;
}
Here CN and SG are country codes for China and Singapore respectively. This block ensures that any request coming from these countries is returned 403 error without letting it reach the app server.
And it worked. All my apps became available again.