How can we help you today?

How to block/allow IP-addresses in Nginx

Created by: Sophie van Vrijberghe de Coningh

Modified on: Mon, 14 Sep, 2020 at 10:55 AM


Hypernode makes use of Nginx (pronunciation: ‘Engine X’). Nginx performs better than Apache for the same amount of visitores, this allows us to serve your webshop to more visitors than Apache could. Nginx does not use .htaccess files like Apache. This means that configuration previously done in .htaccess files now has to be done in a different format.

Blocking and allowing IP-addresses is done using the access module.


TABLE OF CONTENTS

Denying everyone across the site

To deny all access from certain addresses, create a file in the nginx-directory in your homedir named server.blacklist, with the following contents:

deny 1.2.3.4; # Deny a single IP
deny 5.6.7.0/24; #Deny a IP range

Denying everyone across the site, except for certain addresses

To deny all access, except certain addresses, add a file named server.whitelist, with the following contents:

allow 1.2.3.4; # Allow a single remote host
deny all; # Deny everyone else

Denying or allowing only a specific location

To deny access to everybody except certain addresses to a specific directory or request, create a file called server.private-dir containing:

location ^~ /myadmin { 
allow 1.2.3.4; 
deny all;
   rewrite / /index.php break;
   echo_exec @phpfpm;
}

Denying access to your staging environment

If you want to allow only a specific ip address to your staging area, you can add the following snippet to a staging.whitelist, replacing yourdomain.hypernode.io with your base-url and YOURIP with the desired ip address.

if ($http_host ~ "yourdomain.hypernode.io:8443")  {
  set $block_me_now A;
}
if ($remote_addr != YOURIP) {
  set $block_me_now "${block_me_now}B";
}
if ($block_me_now = AB) {
    return 403;
    break;
}
S
Sophie is the author of this solution article.

Did you find it helpful? Yes No

Send feedback
Sorry we couldn't be helpful. Help us improve this article with your feedback.