At work I had the task to implement a redirection based on the visitors country for the company website.
I came to use this serverfault.com answer as a base for my implementation.
But how do I test this? In order to test the behavior I need to fake IP adresses from all over the world. iptables to the rescue!
Faking the source IP address
To test this I had the NGINX running in a virtual machine. In this VM the following iptables rule will rewrite the IP from the client before it reaches NGINX.
$ iptables -t nat -A INPUT -p tcp -d <serverIP> --dport 443 -s <clientIP> -j SNAT --to-source <fakeIP>
This was taken from this serverfault answer (SNAT only).
In order to change the faked IP address the current rule must be deleted. To get an overview of the currently applied rules use
$ iptables -t nat -L -n -v --line-number
The rule should be in the
INPUT chain. In order to delete the rule run the following command
$ iptables -t nat -D INPUT <number>
<number> is the number in the
num column of the previous output.
After this we can run the first command again with another faked IP address.
Check what NGINX sees
It would be nice to know which IP NGINX sees and the country it detects. Of course this could be checked in the log files as well but it would be nice to see it right there in the browser.
The sub_filter directive helps with this. When an
index.html file is placed in the directories where a redirect will happen to the
sub_filter module can replace placeholders with NGINX variables.
index.html could look like this:
Country: <country><br> Source IP: <sourceip>
location section of the NGINX config the following needs to be placed:
sub_filter '<country>' $geoip_country_code; sub_filter '<sourceip>' $remote_addr;