How to Block any IP Address on Nginx

In this tutorial you will learn how to block a single IP address or multiple IP addresses on Nginx. This is useful when someone is spamming or attacking your site and you need to block their IP address to stop the attack. It is also useful when you need to allow only a specific IP to access your site or a section of it.

Follow the steps below to learn how to do it.

Step 1 - Open the Nginx configuration file

In this step, open the nginx config file with a text editor such as nano or vim:

sudo nano /etc/nginx/nginx.conf

Note: If you are using the default nginx.conf for your server/site, you only need to make changes in /etc/nginx/nginx.conf.

If you are using virtual hosts (server blocks) and you want to block/allow an IP for only one of them, edit that site's file instead:

/etc/nginx/sites-enabled/mysite.com

Step 2 - Type the IP address you want to block

Open the nginx config file:

sudo nano /etc/nginx/nginx.conf

Add the following line inside the http block (or inside a server or location block) to block the IP address:

deny IP address;
Example: deny 192.168.0.1;

The line above will block 192.168.0.1 from accessing your server/website.

Blocking an IP address from accessing your entire site

Go to the location directive and add the line below:

location / {
    deny 192.168.0.1;
}

Blocking an IP address from accessing your subdirectory

If you want to block IP addresses from accessing a subdirectory on your website and allow only your own IP to access it, use the config below:

location /my-subdirectory {
    allow 203.0.113.10;   # replace with your own IP address
    deny all;
}

The config above will allow only your IP to access /my-subdirectory and block all other IPs.

Blocking an IP address from accessing your subdomain

Open the config file for the site where you want to add the block:

sudo nano /etc/nginx/sites-enabled/mysite.com

Then add the deny line to the server block for that subdomain:

server {
    server_name subdomain.mysite.com;
    deny 192.168.0.1;
}

The config above will block 192.168.0.1 from accessing your subdomain.

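Blocking all IP addresses from accessing your subdomain and allowing only yours

The lines below will block all IP addresses from accessing your subdomain except your IP. This means only your IP will be able to access the subdomain. nginx checks allow and deny rules in order and stops at the first match, so the allow line must come before deny all.

server {
    server_name subdomain.mysite.com;
    allow 203.0.113.10;   # replace with your own IP address
    deny all;
}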

This config is useful when you are working on a new subdomain and you don't want anyone else to see it while you are still working on it. Once you are done and want the subdomain to be accessible by anyone, simply remove the line deny all (the allow line is then no longer needed either), so the config file looks like this:

server {
    server_name subdomain.mysite.com;

}

Block Multiple IPs

If you want to block multiple IP addresses from accessing your server/site, simply add a deny directive for each IP:

deny ip1;
deny ip2;
deny ip3;
deny ip4;

allow all;

The above config will block access to 4 IPs and allow all other IPs.

Block IP Ranges

deny 192.168.0.0/24;   # blocks 192.168.0.0 - 192.168.0.255
allow all;
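
nginx checks allow and deny rules in the order they are written and applies the first one that matches the client address. The Python sketch below is an added example, not part of the original tutorial or of nginx itself; it models that first-match behaviour for IP and CIDR rules so a rule list can be checked before it is deployed. The address 203.0.113.10 stands in for your own IP, and the rule sets are constructed samples.

```python
# Added example: a small model of how nginx evaluates allow/deny rules.
import ipaddress

def parse_rules(config_text):
    """Turn 'allow X;' / 'deny X;' lines into (action, network-or-None) pairs."""
    rules = []
    for raw in config_text.splitlines():
        line = raw.split("#", 1)[0].strip().rstrip(";").strip()
        if not line:
            continue
        action, target = line.split()
        if action not in ("allow", "deny"):
            raise ValueError(f"unsupported directive: {raw!r}")
        # 'all' matches every client. strict=False accepts 192.168.0.1/24 the
        # way nginx does: host bits are masked off (nginx logs a warning).
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))
    return rules

def decide(rules, client_ip):
    """Return 'allow' or 'deny' for client_ip using first-match semantics."""
    addr = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or (addr.version == net.version and addr in net):
            return action
    return "allow"  # no rule matched: the access rules do not restrict the request

# Constructed sample rule sets; 203.0.113.10 stands in for "your IP".
DENY_FIRST = "deny all;\nallow 203.0.113.10;"    # deny all matches first: everyone is blocked
ALLOW_FIRST = "allow 203.0.113.10;\ndeny all;"   # your IP matches first: only you get in
RANGE = "deny 192.168.0.1/24;\nallow all;"       # blocks the whole 192.168.0.0/24 range

if __name__ == "__main__":
    samples = (("deny-first", DENY_FIRST), ("allow-first", ALLOW_FIRST), ("range", RANGE))
    for name, cfg in samples:
        rules = parse_rules(cfg)
        for ip in ("203.0.113.10", "192.168.0.77", "198.51.100.4"):
            print(f"{name:12} {ip:15} -> {decide(rules, ip)}")
```
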

Step 3 - Check Nginx Syntax

This is the final step. Before you restart nginx, check that the syntax is correct:

sudo nginx -t

If you get no errors, restart nginx:

sudo systemctl restart nginx

Conclusion

That's it! Now you should be able to block or allow any IP address or range on your site.

Author

Endrit Qerreti

Web Development, IT, Linux System Administration, Security Researcher, Computer Technician