Skip to content

geoip2_proxy

The geoip2_proxy directive in the NGINX GeoIP2 module defines trusted addresses. When a request originates from a trusted address, the module uses the client address from the X-Forwarded-For header instead of the direct client IP. This is useful when NGINX is behind a proxy or load balancer that forwards client IPs.

Syntax

geoip2_proxy <cidr>;

Example

load_module modules/ngx_http_geoip2_module.so;

http {
    geoip2 /etc/maxmind-country.mmdb {
        $geoip2_data_country_code default=US source=$remote_addr country iso_code;
    }

    geoip2_proxy 192.168.1.0/24;

    server {
        listen 80;

        location / {
            proxy_set_header X-Real-IP $remote_addr;
            proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;

            # Use the GeoIP2 data
            add_header X-Country-Code $geoip2_data_country_code;
        }
    }
}

In this example, requests from the 192.168.1.0/24 range are considered trusted. The X-Forwarded-For header is used to determine the client's IP address for GeoIP2 lookups.