{"id":740,"date":"2012-02-08T14:31:20","date_gmt":"2012-02-08T06:31:20","guid":{"rendered":"http:\/\/nick.workao.org\/?p=740"},"modified":"2012-02-08T14:31:20","modified_gmt":"2012-02-08T06:31:20","slug":"nginx-block-and-deny-ip-address-or-network-subnets","status":"publish","type":"post","link":"https:\/\/nick.txtcc.com\/index.php\/linux\/740","title":{"rendered":"Nginx Block And Deny IP Address OR Network Subnets"},"content":{"rendered":"<p>How do I block or deny access based on the host name or IP address of the client visiting website under nginx web server?<\/p>\n<p>Nginx comes with a simple module called ngx_http_access_module to allow or deny access to IP address. The syntax is as follows:<\/p>\n<p>deny IP;\ndeny subnet;\nallow IP;\nallow subnet;<\/p>\n<h1>block all ips<\/h1>\n<p>deny\u00a0\u00a0\u00a0 all;<\/p>\n<h1>allow all ips<\/h1>\n<p>allow\u00a0\u00a0\u00a0 all;\nNote rules are checked in the order of their record to the first match.<\/p>\n<p>How Do I Configure Nginx To Block IPs?<\/p>\n<p>Edit nginx.conf file, enter (note my nginx path is set to \/usr\/local\/nginx\/, replace this according to your setup):<\/p>\n<h1>cd \/usr\/local\/nginx\/conf\/<\/h1>\n<h1>vi nginx.conf<\/h1>\n<p>Add the following line in http section:<\/p>\n<h2>Block spammers and other unwanted visitors\u00a0<\/h2>\n<p>include blockips.conf;\nSave and close the file. Finally, create blockips.conf in \/usr\/local\/nginx\/conf\/, enter:<\/p>\n<h1>vi blockips.conf<\/h1>\n<p>Append \/ add entries as follows:<\/p>\n<p>deny 1.2.3.4;\ndeny 91.212.45.0\/24;\ndeny 91.212.65.0\/24;<\/p>\n<p>Save and close the file. Test the config file, enter:<\/p>\n<h1>\/usr\/local\/nginx\/sbin\/nginx -t<\/h1>\n<p>Sample outputs:<\/p>\n<p>the configuration file \/usr\/local\/nginx\/conf\/nginx.conf syntax is ok\nconfiguration file \/usr\/local\/nginx\/conf\/nginx.conf test is successful\nReload the new config, enter:<\/p>\n<h1>\/usr\/local\/nginx\/sbin\/nginx -s reload<\/h1>\n<p>How Do I Deny All and Allow Only Intranet\/LAN IPs?<\/p>\n<p>Edit config file as follows:<\/p>\n<p>location \/ {<\/p>\n<h1>block one workstation<\/h1>\n<p>deny\u00a0\u00a0\u00a0 192.168.1.1;<\/p>\n<h1>allow anyone in 192.168.1.0\/24<\/h1>\n<p>allow\u00a0\u00a0 192.168.1.0\/24;<\/p>\n<h1>drop rest of the world<\/h1>\n<p>deny\u00a0\u00a0\u00a0 all;\n}\nGranted access to network 192.168.1.0\/24 with the exception of the address 192.168.1.1.<\/p>\n<p>How Do I Customize HTTP 403 Forbidden Error Messages?<\/p>\n<p>Create a file called error403.html in default document root, enter:<\/p>\n<h1>cd \/usr\/local\/nginx\/html<\/h1>\n<h1>vi error403.html<\/h1>\n<p><html>\n<head><title>Error 403 &#8211; IP Address Blocked<\/title><\/head>\n<body>\nYour IP Address is blocked. If you this an error, please contact webmaster with your IP at webmaster@example.com\n<\/body>\n<\/html><\/p>\n<p>If SSI enabled, you can display the client IP easily from the html page itself:<\/p>\n<p>Your IP Address is <!--#echo var=\"REMOTE_ADDR\" --> blocked.\nSave and close the file. Edit your nginx.conf file, enter:<\/p>\n<h1>vi nginx.conf<\/h1>\n<h1>redirect server error pages to the static page<\/h1>\n<p>error_page\u00a0\u00a0 403\u00a0 \/error403.html;\nlocation = \/error403.html {\nroot\u00a0\u00a0 html;\n}\nSave and close the file. Reload nginx, enter:<\/p>\n<h1>\/usr\/local\/nginx\/sbin\/nginx -s reload<\/h1>\n<p>See also:\nNginx Shell Script To Block Spamhaus Lasso Drop Spam IP Address<\/p>","protected":false},"excerpt":{"rendered":"<p>How do I block or deny access based on the host name or IP address of the client visiting website un&#46;&#46;&#46;<\/p>","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-740","post","type-post","status-publish","format-standard","hentry","category-linux"],"_links":{"self":[{"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/740","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/comments?post=740"}],"version-history":[{"count":1,"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/740\/revisions"}],"predecessor-version":[{"id":741,"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/posts\/740\/revisions\/741"}],"wp:attachment":[{"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/media?parent=740"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/categories?post=740"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/nick.txtcc.com\/index.php\/wp-json\/wp\/v2\/tags?post=740"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}