我有一个国家的列表，我想限制访问Web应用程序。例如，来自俄罗斯的用户应该被禁止访问我的Web应用程序。我下载了国家的数据库，并创建了一个单独的文件与Map。然后，我注册了俄罗斯在nginx.conf，但访问没有被阻止。可能是什么问题？

基地：

• https://mirrors-cdn.liferay.com/geolite.maxmind.com/download/geoip/database/GeoIP.dat.gz*

此文件的路径为：/etc/nginx/geoip/GeoIP.dat

新增包含map block.map.include的文件：

此文件的路径为：/etc/nginx/block.map.include

geoip_country /etc/nginx/geoip/GeoIP.dat;  
map $geoip_country_code $allowed_country {  
        default yes;
        RU no;
        ...//and more contries
}

字符串

在nginx.conf中添加了包含模块：

include /etc/nginx/modules-enabled/*;

型

然后在http{}中添加：

#GeoIP
include /etc/nginx/block.map.include;

型

在所有server{}组中添加：

if ($allowed_country = no) {
    return 403;
}

型

我的完整nginx.conf

user root;
include /etc/nginx/modules-enabled/*;
worker_processes     auto;
worker_rlimit_nofile 20960;
events {
    worker_connections  1024;
    multi_accept        on;
    use                 epoll;
    epoll_events        512;
}
http {
    #GeoIP
    include /etc/nginx/block.map.include;
    access_log  /var/log/nginx/access.log   combined;
    error_log   /var/log/nginx/warn.log     warn;
    server_tokens off;
    upstream thumbor {
        server localhost:8888;
    }
    upstream solr {
        server localhost:8983;
    }
    upstream minio {
        server localhost:9000;
    }
    upstream activemq {
        server localhost:8161;
    }
    upstream wildfly {
        ip_hash;
        server localhost:8008;
        server localhost:8018;
    }
    server {
        if ($allowed_country = no) {
            return 403;
        }
        listen 80 default_server;
        listen [::]:80 default_server;
        listen 443 ssl default_server;
        listen [::]:443 ssl default_server;
        ssl_certificate         /etc/ssl/__****.crt;
        ssl_certificate_key     /etc/ssl/private.key;
        ssl_verify_client       off;
        root                    /var/www/special/not/exist/html;
        server_name             ****.ru;
        location / {
            try_files $uri $uri/ =404;
        }
    }
    server {
        if ($allowed_country = no) {
            return 403;
        }
        listen 80;
        server_name ****.ru;
        rewrite ^ https://****.ru$request_uri? permanent;
    }
    server {
        if ($allowed_country = no) {
            return 403;
        }
        listen                      443 ssl;
        server_name                 ****.ru;
        ssl_certificate             /etc/ssl/__****.crt;
        ssl_certificate_key         /etc/ssl/private.key;
        ssl_protocols               TLSv1.2 TLSv1.3;
        ssl_ciphers                 HIGH:!aNULL:!MD5;
        add_header X-Frame-Options "SAMEORIGIN";
        add_header Strict-Transport-Security "max-age=31536000; includeSubDomains";
        client_body_buffer_size         8k;
        client_max_body_size            20m;
        client_body_in_single_buffer    on;
        client_header_buffer_size       1m;
        large_client_header_buffers 4   8k;
        location /****/thumbor/ {
            proxy_pass http://thumbor/;
        }
        location /solr {
            proxy_pass http://solr;
        }
        location /minio {
            proxy_pass http://minio;
        }
        location /activemq {
            proxy_pass http://activemq;
        }
        location / {
            proxy_pass http://wildfly/;
            proxy_buffer_size 16k;
            proxy_buffers 16 16k;
            proxy_busy_buffers_size 64k;
            proxy_temp_file_write_size 64k;
            proxy_read_timeout 180s;
            proxy_set_header   Host              $host;
            proxy_set_header   X-Real-IP         $remote_addr;
            proxy_set_header   X-Forwarded-For   $proxy_add_x_forwarded_for;
            proxy_set_header   X-Forwarded-Proto $scheme;
            if ($request_method !~ ^(GET|HEAD|POST|DELETE|PUT)$ ) {
                return 405;
            }
        }
    }
}

型
P.S.服务器在DEBIAN上。nGinx中没有警告和错误。