In this tutorial you will learn how to block an IP Address or multiple ip addresses on nginx. This is useful in cases where someone is spamming or attacking your site and you need to block the IP address in order for the attack to stop. However, this is also useful when you need to allow x Ip to access your site or any section on your site.
Follow the steps below and learn how to do it
Step 1 - Go to Nginx Configuration file
In this step you need to open nginx config file with a text editor such as nano or vim
sudo nano /etc/nginx/nginx.conf
note: If you are using the default nginx.conf for your server/site then you will need to add changes only on /etc/nginx/nginx.conf
If you are using virtual-blocks and you want to block/allow an ip only for one virtual block then you will need to edit
/etc/nginx/sites-enabled/mysite.com
Step 2 - Type the IP address you want to block
Open nginx config file
sudo nano /etc/nginx/nginx.conf
add the following line to block the ip address
deny IP adress;
example : deny 192.168.0.1;
The line above will block 192.168.0.1 from accessing your server/website
Blocking an Ip address from accessing your entire site
go to location directive and simply add the line below
location / {
deny 192.168.0.1;
}
Blocking an Ip address from accessing your subdirectory
If you want to block an ip address from accessing a subdirectory on your website, and allowing only your IP to access that subdirectory use the below config
location /my-subdirectory {
allow my ip;
deny all;
}
The config above will allow let's say your IP only to access /my-subdirectory and block all other IPs.
Blocking an Ip address from accessing your subdomain
Open config file for the site where you want to add the block
sudo nano /etc/nginx/sites-enabled/mysite.com
Then add the line below
server {
server subdomain.mysite.com;
deny 192.168.0.1;
}
The config above will block 192.168.0.1 from accessing your subdomain
Blocking All Ip addresses from accessing your subdomain and allow only yours
The lines below will block all Ip addresses from accessing your subdomain except your IP. This means only your IP will be able to access the subdomain.
server {
server subdomain.mysite.com;
deny all;
allow myip;
}
This config is useful when you are working on a new subdomain on your site and you don't want anyone else to see while you are still working on it, then once you are done with the work and you want that subdomain to be seen and accessible by anyone then simply remove the line deny all, so the config file should look like this
server {
server subdomain.mysite.com;
}
Block Multiple IPs
If you want to block multiple Ip addresses from accessing your server/site, then simply add deny directive for all ips
deny ip1;
deny ip2;
deny ip3;
deny ip4;
alow all;
The above config will block access to 4 IPs and allow all other IPs
Block IP Ranges
deny 192.168.0.1/24;
allow all;
Step 3 - Check Nginx Syntax
This is the final step, before you restart nginx you need to check if the syntax is correct
sudo nginx -t
If you get no errors, then simply restart nginx
sudo systemctl restart nginx
Conclusion
That's it! Now you should be able to block or allow any ip address or range to your site.