The ngx whitelist/blacklist module in nginx provides a straightforward way to restrict or permit access to your server based on the IP address of the client making the request. You can define specific IP addresses or ranges in your configuration to either allow or deny access to your server resources.
-
ngx_http_geo_module
http_geo_module module creates variables with values depending on the client IP address. That means
$c_ip_addrset value from ip value in file.- /etc/nginx/ip_rules/ips.conf
163.38.139.42 1; 15.228.203.250 1; 146.16.251.134 0;- /etc/nginx/sites-available/
geo $c_ip_addr { default 0; include /etc/nginx/ip_rules/ips.conf; } server { listen 80; server_name _; if ($c_ip_addr = 0) { return 403; } location / { } } -
Restricting Access
ngx_http_access_module- /etc/nginx/ip_rules/ip_block_rules.conf
allow 192.168.1.1; allow 10.10.10.0/24; allow 203.0.113.0/24;- /etc/nginx/sites-available/
server { listen 80; server_name nest.ubuntu.com; include /etc/nginx/ip_rules/ip_block_rules.conf; deny all; location / { } }
Which to Use:
-
Use
ngx_http_geo_module: when you need granular control over access based on various criteria, require dynamic updates, or need to manage a large number of IP addresses efficiently. -
Use
ngx_http_access_moduledirectives: when you have a simple use case of allowing or denying access to specific IP addresses or ranges and want a straightforward solution without the need for complex rules.
Enjoy you practice 🌟
Top comments (0)