Nginx geoipblocking & allowing LAN IPs

geoipip-blockinglocal-area-networknginxwhitelist

I'd like to block IPs with geoip except whitelisted countries AND the local area network.
The first part works flawless, the second one not.
Somwehere searching the internet I found the codes LH (local host) and LN (local network), but they are both not working.

I'm using the standard howto code for the blocking.

The relevant http {} part in nginx.conf:

geoip_country /usr/share/GeoIP/GeoIP.dat;
   map $geoip_country_code $allowed_country {
    default no;                              
    US yes;
   }

The relevant server {} part in sites-available/default:

block countries
      if ($allowed_country = no) {
        return 444;
      }

Any suggestions would be much appreciated!

Update:

$geoip_country_code variable returns "-" on LAN IP access, but adding "- yes;" to the geoip_county block doesn't work either.

Best Answer

I found a solution - no idea if it's 'clean'. Just overwrite the $allowed_country variable if a lan IP condition was matched before.

geo $lan-ip {
default no;
192.168.1.0/24 yes;
}

and this block before the "#block countries" part

if ($lan-ip = yes) {
set $allowed_country yes;
}

Related Topic