Block extension for specified IP address

Francis Daly francis at
Tue Jan 5 18:07:06 UTC 2021

On Fri, Jan 01, 2021 at 02:54:21AM -0500, Dr_tux wrote:

Hi there,

> I'm stuck in this. I am open to your suggestions. Thank you.

Untested by me, but...

> I have a reverse proxy configuration as follows, I want to block exe
> extensions for requests from here. But it doesn't work. How can I do that ?

I would probably use "map" to set a variable $block_this_extension
to 1 or empty based on whatever part of the url is relevant to you --
perhaps match the end of $request_filename; perhaps look at $request_uri
or $document_uri.

And then, if the "ok" IP addresses are easy to list in a "map", set a
new variable $block_this_request based on $remote_addr to empty for the
"ok" addresses, defaulting to $block_this_extension.

And then just before the proxy_pass (or whatever you are trying to
protect), if $block_this_request is 1 (or: is not empty), return the
rejection code that you want.

(If the "ok" IP addresses are not easy to list in a map, then "geo"
can be used, but that becomes a little more fiddly, I think.)

Good luck with it,

Francis Daly        francis at

More information about the nginx mailing list