http {
        # .......... a lot of stuff .........

        # Use GeoIP database to restrict access to the site by country:
        geoip_country /usr/share/GeoIP/GeoIP.dat;

        # Access is blocked by default and only allowed to visitors from Ukraine
        # (useful agains DDoS attacks from Asian and Western European botnets):
        map $geoip_country_code $allowed_country {
            default no;
            UA yes;
        }

        server {
                # .......... a lot of stuff .........
                # Actually block access from countries famous for hosting botnets:
                if ($allowed_country = no) {
                     return 444;
                }
                # .......... a lot of other stuff .........
        }
}