Ugacomp

How can I block IP addresses in Nginx?


In this guide, we’ll walk you through the process of blocking IP addresses in Nginx using various methods.

Before you start, make sure you have access to the server where Nginx is installed and a basic understanding of Nginx configuration.

Method #1: Using the deny Directive

The deny directive in Nginx allows you to explicitly deny access to specific IP addresses or ranges.

To implement this method, open your Nginx configuration file. This is commonly located at:

sudo nano /etc/nginx/nginx.conf

or

sudo nano /etc/nginx/sites-available/default

Inside the server block, add a deny line to the relevant location block to deny access to a specific IP address.

   location / {
       deny 192.168.1.1;
       # Your other configurations go here
   }

Here the deny directive is used on its own inside a location block: you write deny followed by the IP address you want to block, and requests from that address to the location are refused. This is the simplest approach and suits blocking individual IP addresses.

Make sure you replace 192.168.1.1 with the IP address you want to block.

Save the file and exit the text editor. You will also need to reload Nginx to apply the changes.

sudo systemctl reload nginx

Method #2: Using allow and deny Directives Together

You can use the allow and deny directives together to create a more flexible access control mechanism.

To implement this method, open your Nginx configuration file.

   sudo nano /etc/nginx/nginx.conf

Inside the server block, add the following lines to allow/deny access based on IP addresses.

   location / {
       allow 192.168.1.0/24;
       deny all;
       # Your other configurations go here
   }

Here the allow and deny directives are used together within a location block. The allow directive lists the IP addresses or ranges that may connect, and deny all refuses every remaining address. Nginx checks the rules in order and applies the first one that matches, so the allow line must come before deny all.

Replace 192.168.1.0/24 with the IP address or range you want to allow.

Save the file and reload Nginx to apply the changes.

sudo systemctl reload nginx
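
The evaluation order behind Methods #1 and #2, as an added example that is not part of the original article: a small Python model of how the allow and deny rules of one location block are checked in sequence, with the first match deciding and unmatched clients allowed. The parser, the sample blocks and the client addresses are constructed for illustration, and the model ignores inheritance between blocks and the unix: target.

```python
import ipaddress
import re

# One "allow <target>;" or "deny <target>;" directive per match.
RULE_RE = re.compile(r"^\s*(allow|deny)\s+(\S+?)\s*;", re.MULTILINE)

def parse_rules(block_text):
    """Return [(action, network-or-None)] in file order; None stands for 'all'."""
    text = re.sub(r"#.*", "", block_text)  # drop comments
    rules = []
    for action, target in RULE_RE.findall(text):
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))
    return rules

def decide(rules, client_ip):
    """First matching rule wins; if nothing matches, the request is allowed."""
    ip = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or ip in net:
            return action
    return "allow"

# Constructed sample blocks based on the article's snippets.
METHOD_1 = "location / {\n    deny 192.168.1.1;\n}"
METHOD_2 = "location / {\n    allow 192.168.1.0/24;\n    deny all;\n}"
REVERSED = "location / {\n    deny all;\n    allow 192.168.1.0/24;\n}"
COMBINED = """location / {
    deny 192.168.1.1;       # carve one host out of the allowed range
    allow 192.168.1.0/24;
    deny all;
}"""

if __name__ == "__main__":
    for name, block in [("method 1", METHOD_1), ("method 2", METHOD_2),
                        ("reversed", REVERSED), ("combined", COMBINED)]:
        rules = parse_rules(block)
        for ip in ("192.168.1.1", "192.168.1.50", "203.0.113.7"):
            print(f"{name:9} {ip:13} -> {decide(rules, ip)}")
```

The REVERSED block shows the common mistake: with deny all first, even 192.168.1.50 is refused because the allow line is never reached.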

Method #3: Using the geo Module

The geo module allows you to define variables based on the client’s IP address, which can be useful for conditional configurations.

To implement this method, open your Nginx configuration file.

sudo nano /etc/nginx/nginx.conf

Add a geo block in the http context, outside the server block, to define the variable.

   geo $block_ip {
       default 0;
       192.168.1.1 1;
       # Add more IP addresses as needed
   }

Inside the server block, use an if statement to deny access based on the variable.

   location / {
       if ($block_ip) {
           return 403;
       }
       # Your other configurations go here
   }

Use if in Nginx cautiously, as it can lead to unexpected behavior. Here it only wraps a simple conditional block, but more complex if conditions should be avoided where possible.

Save the file and reload Nginx to apply the changes.

sudo systemctl reload nginx

Conclusion

Blocking IP addresses in Nginx is an essential aspect of securing your web server. Choose the method that best fits your requirements and implement it carefully to enhance the security of your web applications.
