close
close

Offshoreserver distinguishes itself as the premier offshore hosting provider, renowned for its commitment to professionalism and innovation in service delivery.

close
close
Offshore Dedicated Server Offshore Dedicated Server Spain Offshore Dedicated Server Ukraine Storage Offshore Server Offshore Dedicated Server Usa Cloud Rack Offshore Server Proxy Shield Protection Satellite Dish Servers Bulk Ip Leasing Software
ABOUT US AFFIALITES CONTACT US LOGIN CLIENT AREA
menu
+3197010282575 We also take care of providing excellent support 24/7 at no additional cost.
About Us Contact
Home chevron_right Blogs chevron_right Blog Detail

BLOGS

Nginx Block And Deny IP Address OR Network Subnets

03.12.2023

How can I restrict or limit access based on the client's host name or IP address while they are accessing a website hosted by the nginx web server?

A straightforward module called ngx http access module is included with Nginx to allow or restrict access to IP addresses. The following is the syntax:

deny IP;
deny subnet;
allow IP;
allow subnet;
# block all ips
deny    all;
# allow all ips 
allow    all;


Rules are examined according to their records starting with the first match.


How Do I Configure Nginx To Block IPs?



Open the nginx.conf file and type the following (notice that my nginx path is set to /usr/local/nginx/; change it to match your setup):

# cd /usr/local/nginx/conf/
# vi nginx.conf

Add the following line in http section:

## Block spammers and other unwanted visitors  ##
 include blockips.conf;


Save and close the file. Finally, create blockips.conf in /usr/local/nginx/conf/, enter:

# vi blockips.conf

Append / add entries as follows:

deny 1.2.3.4;
deny 91.212.45.0/24;
deny 91.212.65.0/24;

Save and close the file. Test the config file, enter:
# /usr/local/nginx/sbin/nginx -t
Sample outputs:

the configuration file /usr/local/nginx/conf/nginx.conf syntax is ok
configuration file /usr/local/nginx/conf/nginx.conf test is successful

Reload the new config, enter:
# /usr/local/nginx/sbin/nginx -s reload

How Do I Deny All and Allow Only Intranet/LAN IPs?

Edit config file as follows:

location / {
  # block one workstation
  deny    192.168.1.1;
  # allow anyone in 192.168.1.0/24
  allow   192.168.1.0/24;
  # drop rest of the world 
  deny    all;
}

Granted access to network 192.168.1.0/24 with the exception of the address 192.168.1.1.

How Do I Customize HTTP 403 Forbidden Error Messages?

Create a file called error403.html in default document root, enter:
# cd /usr/local/nginx/html
# vi error403.html

<html>
<head><title>Error 403 - IP Address Blocked</title></head>
<body>
Your IP Address is blocked. If you this an error, please contact webmaster with your IP at [email protected]
</body>
</html>

If SSI enabled, you can display the client IP easily from the html page itself:

Your IP Address is <!--#echo var="REMOTE_ADDR" --> blocked.

Save and close the file. Edit your nginx.conf file, enter:
# vi nginx.conf

# redirect server error pages to the static page
 error_page   403  /error403.html;
 location = /error403.html {
         root   html;
 }

Save and close the file. Reload nginx, enter:
# /usr/local/nginx/sbin/nginx -s reload