SoFunction
Updated on 2025-05-12

Specific steps for implementing IP-based access control (IP black and white list) in Nginx

1. Configure whitelists (allow specific IP access)

To allow a specific IP address or IP range to access a website, you can use the allow directive. Suppose we want to allow only the IP address 192.168.1.100 to access the NGINX service:

Edit your NGINX configuration file (usually located in /etc/nginx/ or /etc/nginx/sites-available/default):

server {
    listen 80;
    server_name example.com;  # Placeholder; use your own domain

    location / {
        # Allow specific IP access
        allow 192.168.1.100;

        # The remaining IPs are denied access
        deny all;

        # Configure other parameters
    }
}

2. Configure blacklist (specific IP access denied)

To deny access to a specific IP address, you can use the deny directive. Suppose we want to block the IP address 192.168.1.101:

server {
    listen 80;
    server_name example.com;  # Placeholder; use your own domain

    location / {
        # Deny specific IP access
        deny 192.168.1.101;

        # Allow other IP access
        allow all;

        # Configure other parameters
    }
}

3. Configure a black and white list of multiple IPs

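You can use multiple allow and deny directives together to configure access control for several IP addresses or IP ranges. NGINX checks the rules in the order they are written and stops at the first match, and a client that matches no rule is allowed. For example: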

server {
    listen 80;
    server_name example.com;  # Placeholder; use your own domain

    location / {
        # Allow multiple IP access
        allow 192.168.1.100;
        allow 203.0.113.0/24;  # Allow the entire IP range

        # Deny multiple IP access
        deny 192.168.1.101;
        deny 198.51.100.200;

        # Configure other parameters
    }
}

4. Combining the black and white list for finer granular control

If you have a more complex requirement (for example, only certain IPs may access certain paths), you can configure different access controls in different location blocks. For example:

server {
    listen 80;
    server_name example.com;  # Placeholder; use your own domain

    # Default configuration, allowing everyone to access
    location / {
        allow all;
        deny all;  # Never reached: allow all above already matches every client
    }

    # Access control for specific paths
    location /admin {
        # Only 192.168.1.100 and 203.0.113.0/24 are allowed to access /admin paths
        allow 192.168.1.100;
        allow 203.0.113.0/24;
        deny all;  # Access denied for the rest of IPs
    }
}
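
The first-match evaluation that the rule lists in sections 3 and 4 depend on can be checked offline before a reload. The script below is an added example, not part of the original article or of NGINX; its function names and the client address 10.0.0.5 are assumptions made for illustration, and it models only allow and deny lines (no satisfy or authentication interaction).

```python
import ipaddress

def parse_rules(text):
    """Return ordered (action, network) pairs from allow/deny lines; None means 'all'."""
    rules = []
    for line in text.splitlines():
        parts = line.split("#", 1)[0].strip().rstrip(";").split()
        if len(parts) == 2 and parts[0] in ("allow", "deny"):
            net = None if parts[1] == "all" else ipaddress.ip_network(parts[1], strict=False)
            rules.append((parts[0], net))
    return rules

def decide(rules, client_ip):
    """First matching rule wins; when nothing matches, the access module allows."""
    ip = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or ip in net:
            return action
    return "allow"

def unreachable(rules):
    """Indexes of rules fully covered by an earlier rule, so they can never match."""
    dead = []
    for i, (_, net) in enumerate(rules):
        for _, earlier in rules[:i]:
            if earlier is None or (net is not None and net.version == earlier.version
                                   and net.subnet_of(earlier)):
                dead.append(i)
                break
    return dead

# Rule lists copied from the section 3 and section 4 configurations above.
MIXED = """
allow 192.168.1.100;
allow 203.0.113.0/24;  # Allow the entire IP range
deny 192.168.1.101;
deny 198.51.100.200;
"""
ADMIN = "allow 192.168.1.100;\nallow 203.0.113.0/24;\ndeny all;"
ROOT = "allow all;\ndeny all;"

if __name__ == "__main__":
    # 10.0.0.5 is a constructed client address that appears in neither list.
    for name, text in (("section 3", MIXED), ("/admin", ADMIN), ("/", ROOT)):
        rules = parse_rules(text)
        print(name, "10.0.0.5 ->", decide(rules, "10.0.0.5"), "unreachable:", unreachable(rules))
```

The section 3 list admits the unlisted client because it has no closing deny all, while the /admin list rejects it.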

5. Use the geo module for more flexible control (optional)

You can also use NGINX's geo module to perform more flexible access control based on the client's IP address. This method allows you to create a variable that sets different permissions based on the source of the IP address.

For example, define a geo block that sets access permissions based on IP addresses:

http {
    geo $restricted {
        default 1;
        192.168.1.100 0;   # Allow 192.168.1.100
        203.0.113.0/24 0;  # Allow 203.0.113.0/24 network segment
    }

    server {
        listen 80;
        server_name example.com;  # Placeholder; use your own domain

        location / {
            if ($restricted) {
                # If the $restricted variable is 1, access is denied
                # (allow/deny are not valid inside if, so return 403 instead)
                return 403;
            }

            allow all;  # Allow other IP access
        }
    }
}

6. Reload the NGINX configuration

After completing the configuration, remember to verify the configuration and reload the NGINX service:

sudo nginx -t                # Test whether the configuration is correct
sudo systemctl reload nginx  # Reload NGINX configuration

7. Common configuration application scenarios

  • Whitelist: When you only want certain IP addresses to access your service, while others are denied.
  • Blacklist: When you want to block certain specific IP addresses and allow all other access.
  • Combination use: When you need more fine-grained control to allow or deny access to certain IP addresses to specific paths.

Summary

By using the allow and deny directives in NGINX, you can easily implement blacklist and whitelist control of IP addresses to protect your server from unwanted access.
