whitelist/blacklist country at LUA level to avoid SEO issues

confs/site/geoip-server.conf

@@ -1,3 +0,0 @@
-if ($allowed_country = no) {
-	return 444;
-}

confs/site/main-lua.conf

@@ -5,6 +5,7 @@ access_by_lua_block {
 
 local use_whitelist_ip		= %USE_WHITELIST_IP%
 local use_whitelist_reverse	= %USE_WHITELIST_REVERSE%
+local use_country		= %USE_COUNTRY%
 local use_blacklist_ip		= %USE_BLACKLIST_IP%
 local use_blacklist_reverse	= %USE_BLACKLIST_REVERSE%
 local use_dnsbl			= %USE_DNSBL%
@@ -34,6 +35,11 @@ if use_whitelist_reverse and whitelist.reverse_cached_ok() then
 	ngx.exit(ngx.OK)
 end
 
+-- check if country is allowed
+if use_country and ngx.var.allowed_country == "no" then
+	ngx.exit(ngx.HTTP_FORBIDDEN)
+end
+
 -- check if already in blacklist cache
 if use_blacklist_ip and blacklist.ip_cached_ko() then
 	ngx.exit(ngx.HTTP_FORBIDDEN)

confs/site/server.conf

@@ -23,7 +23,6 @@ server {
 	%CONTENT_SECURITY_POLICY%
 	%REFERRER_POLICY%
 	%FEATURE_POLICY%
-	%USE_COUNTRY%
 	%BLOCK_USER_AGENT%
 	%BLOCK_TOR_EXIT_NODE%
 	%BLOCK_PROXIES%

entrypoint/site-config.sh

@@ -239,9 +239,9 @@ replace_in_file "${NGINX_PREFIX}server.conf" "%ALLOWED_METHODS%" "$ALLOWED_METHO
 
 # country ban
 if [ "$BLACKLIST_COUNTRY" != "" ] || [ "$WHITELIST_COUNTRY" != "" ] ; then
-	replace_in_file "${NGINX_PREFIX}server.conf" "%USE_COUNTRY%" "include ${NGINX_PREFIX}geoip-server.conf;"
+	replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_COUNTRY%" "true"
 else
-	replace_in_file "${NGINX_PREFIX}server.conf" "%USE_COUNTRY%" ""
+	replace_in_file "${NGINX_PREFIX}main-lua.conf" "%USE_COUNTRY%" "false"
 fi
 
 # block bad UA