Nginx allow and deny by IP

Allow and deny connections through Nginx

In addition to protecting your application (or parts of it) using HTTP basic authentication, you can use Cloud 66 CustomConfig to block (or allow) access to your application based on IP addresses. Follow the instructions below to accomplish this.

  1. Create a file in the root of your repository called blockips.conf. This file will contain the IPs you wish to allow/deny.
  2. To deny a single IP address, you can use the following syntax:
  3. deny 1.2.3.4;

    You can also deny an entire subnet as follows:


    deny 91.212.45.0/24;

    Should you wish to only allow access to your IP address, do this:

    allow 1.2.3.4/24; deny all;

    There are lots of resources about this syntax on the Internet in case you need more guidance.

  4. Now we can go ahead and customize the Nginx configuration, which you can see more about in our Nginx CustomConfig documentation.
  5. You will want to add the following code within the http section of your configuration, for example on line 22.

    include {{ deploy_to }}/current/blockips.conf;
    

    This will read the file from your repository directory on the server. Once you save that configuration, it will apply immediately on your server.

 

You must be logged in to comment on this article