Deny ips, and pick ips from a file.
Anton Yuzhaninov
citrin at citrin.ru
Thu Oct 11 10:03:09 UTC 2012
On 11.10.2012 09:50, Quintin Par wrote:
> I need to deny users by ip. I assume we need to do something like this
>
> location / {
>
> # block one workstation
>
> deny 192.168.1.1;
>
> # allow anyone in 192.168.1.0/24 <http://192.168.1.0/24>
>
> allow 192.168.1.0/24 <http://192.168.1.0/24>;
>
> # drop rest of the world
>
> deny all;
>
> }
>
> But how can I pass on the list of ips from a file? A file which will get udated
> from time to time.
>
> Can I pass the ips something like this
>
> deny /tmp/iplist.txt;
If list of IP to block is really big, then better to use geo module instead
allow/deny: http://nginx.org/en/docs/http/ngx_http_geo_module.html
geo $denyed_host {
default 1;
include /tmp/iplist.txt;
}
...
if ($denyed_host) {
return 403;
}
iplist.txt should contain lines like:
192.168.1.0/24 0;
192.168.1.1/32 1;
After update of /tmp/iplist.txt you should reconfigure nginx (e. g. run nginx -s
reload).
--
Anton Yuzhaninov
More information about the nginx
mailing list