Global denial for certain IPs or agents?

Francis Daly francis at
Tue May 10 20:20:31 UTC 2016

On Tue, May 10, 2016 at 09:42:26AM -0400, Alex Hall wrote:

Hi there,

> I know how to do this, but how can I do it
> globally? Currently I have to put the rules in each site's configuration
> file, which is duplicating, which I'd like to avoid. says "Context: http, server, location, limit_except".

So you can put your allow (and deny) directives at "http" level,
and they will inherit into the appropriate location{} block (unless
overridden elsewhere).

(Or you could block access outside of nginx, by using a firewall or
other network control device.)

Francis Daly        francis at

More information about the nginx mailing list