How to use Nginx to implement IP blacklist-Nginx-php.cn

Home

Operation and Maintenance

Nginx

How to use Nginx to implement IP blacklist

WBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWBOYWB

Jun 10, 2023 pm 12:42 PM

nginxaccomplishIP blacklist

With the rapid development of the Internet, network security has become an increasingly important issue. Malicious attacks and phishing incidents occur from time to time, posing a great threat to websites and users. Therefore, it is crucial to establish an effective network security defense system.

Nginx is a popular web server software that not only provides high-performance web services, but also plays the role of a reverse proxy. Nginx also provides rich modules to help administrators protect web servers and applications. One of the important features is the IP blacklist, which helps administrators restrict access from specific IP addresses.

The following will discuss how to implement IP blacklisting in Nginx.

Step One: Disable IP Address Access

In the Nginx configuration, the administrator can define a set of IP addresses to disable access. This can be achieved using the "deny" directive and a list of IP addresses. For example, the following configuration will prohibit access to the two IP addresses 192.168.1.2 and 192.168.1.3:

location / {
  deny 192.168.1.2;
  deny 192.168.1.3;
  # ... other configuration directives
}

You can use multiple deny directives in the location block to prevent access to multiple IP addresses.

Step 2: Allow specific IP access

In addition to disabling IP addresses, administrators can also configure Nginx to allow access from specific IP addresses. This can be achieved using the "allow" directive and a list of IP addresses. For example, the following configuration will allow access to the two IP addresses 192.168.1.4 and 192.168.1.5:

location / {
  deny all;
  allow 192.168.1.4;
  allow 192.168.1.5;
  # ... other configuration directives
}

Like the deny directive, multiple allow directives can be used in the location block to allow access to multiple IP addresses .

Step 3: Use variables to manage the IP address list

In actual applications, administrators may need to dynamically manage the IP address list. To make the configuration more flexible, variables can be used to manage the list of IP addresses. The following example demonstrates how to use variables to define a list of IP addresses:

map $remote_addr $deny_ip {
  192.168.1.2 1;
  192.168.1.3 1;
  default 0;
}

In the above example, the "map" directive maps the remote IP address to the $deny_ip variable. If the IP address is in the 192.168.1.2 or 192.168.1.3 list, the $deny_ip variable will be set to 1. Otherwise, the $deny_ip variable will be set to 0.

Next, you can use the $deny_ip variable in the Nginx configuration to determine whether access is prohibited. The following example demonstrates how to use the $deny_ip variable to block access to a banned IP address:

location / {
  if ($deny_ip) {
    return 403;
  }
  # ... other configuration directives
}

If the $deny_ip variable is 1, Nginx will return a 403 Forbidden response code.

Summary

Nginx is a powerful web server software that can provide rich security features while ensuring server performance. By using Nginx's IP blacklist function, administrators can prohibit access from specific IP addresses to ensure the security of the web server. At the same time, using variables can make the configuration more flexible and easier to manage. Using the above steps, administrators can easily implement IP blacklist functionality in Nginx.

The above is the detailed content of How to use Nginx to implement IP blacklist. For more information, please follow other related articles on the PHP Chinese website!

Statement

The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn

Lei Jun shares his New Year's wishes: deliver 300,000 cars and 100 check-in times in the gymApr 13, 2025 pm 11:54 PM

At the beginning of the new year, Lei Jun shared three New Year's wishes for 2025 at the beginning of the new year, and this four and a half hours-long live broadcast attracted a lot of attention. Lei Jun’s three major wishes are: First, achieve the delivery target of 300,000 vehicles, alleviate the pressure, and no longer be caught up by progress. Second, have more travel time, enjoy the beautiful scenery from all over the world, taste special food, and conduct car testing in combination with work. Third, stick to fitness and plan to check in 100 times in the gym to strengthen your body. Lei Jun admitted in the live broadcast that he traveled around in 2024, with a compact schedule, so he often only stayed for a short time, making it difficult to experience the local culture in depth. For example, at the New North Speedway in Germany, he stayed for only 8 hours. Therefore, in the new year, he hopes to be able to better balance work and life and travel

Annual reputation masterpiece! No.9 Company's micro-film 'Memory Travel' won many authoritative awardsApr 13, 2025 pm 11:51 PM

The micro-film "Memory Travel" created by No. 9 and brand spokesperson Yi Yang Qianxi won several authoritative media awards in 2024 and became a masterpiece of the year. This work has won high praise from the industry for its unique narrative style, exquisite production and sincere emotions. 2024 Awards and Honors: 2024 Gold Touch Global Business Innovation Award - Annual Film and Television Advertising 2024 China Advertising Marketing Award - Entertainment Marketing Group Silver Award 2024 Top Digital Innovation Marketing Award - Film and Television Production Gold Award 2024 Shanghai International Advertising Festival - Microfilm Silver Award 2024 The 11th China Innovation Communication Award - Integrated Marketing Silver Award WISE 2024 King of Business - Annual Case 31st China International Advertising Festival 2024 Digital Marketing Practical Big

Lead innovation and win another honor! AGON won the PConline2024 Zhizhen Technology AwardApr 13, 2025 pm 11:48 PM

Recently, the PConline2024 Zhizhen Technology Award was officially announced, and AGON Aidong QD-OLED e-sports display AG326UD won the "Technical Innovation of the Year" award. This honor not only represents the industry's high recognition of its technological advantages and market performance, but also fully reflects AGON's innovative capabilities and outstanding achievements in the field of e-sports display technology. 01. Looking at the future of technology, the authoritative value of the PConline Zhizhen Technology Award is the weather vane of the technology industry. The PConline Zhizhen Technology Award has successfully won wide industry recognition with its rigorous evaluation system and in-depth industry analysis. The award has always been committed to commending outstanding products and brands that promote the development of the technology industry, covering technology

Sony confirms the possibility of using special GPUs on PS5 Pro to develop AI with AMDApr 13, 2025 pm 11:45 PM

Mark Cerny, chief architect of SonyInteractiveEntertainment (SIE, Sony Interactive Entertainment), has released more hardware details of next-generation host PlayStation5Pro (PS5Pro), including a performance upgraded AMDRDNA2.x architecture GPU, and a machine learning/artificial intelligence program code-named "Amethylst" with AMD. The focus of PS5Pro performance improvement is still on three pillars, including a more powerful GPU, advanced ray tracing and AI-powered PSSR super-resolution function. GPU adopts a customized AMDRDNA2 architecture, which Sony named RDNA2.x, and it has some RDNA3 architecture.

Finally changed! Microsoft Windows search function will usher in a new updateApr 13, 2025 pm 11:42 PM

Microsoft's improvements to Windows search functions have been tested on some Windows Insider channels in the EU. Previously, the integrated Windows search function was criticized by users and had poor experience. This update splits the search function into two parts: local search and Bing-based web search to improve user experience. The new version of the search interface performs local file search by default. If you need to search online, you need to click the "Microsoft BingWebSearch" tab to switch. After switching, the search bar will display "Microsoft BingWebSearch:", where users can enter keywords. This move effectively avoids the mixing of local search results with Bing search results

Grilled skillfully! Monster Hunter launches 20th anniversary barbecue timer and kettleApr 13, 2025 pm 11:39 PM

To celebrate the 20th anniversary of Capcom's "Monster Hunter" series, Baodao Club launched a unique magazine set - "Monster Hunter" themed barbecue timer and accompanying cup. The set will be available at home convenience stores nationwide in Japan on December 27, and will be priced at 3,498 yen. The biggest highlight of this magazine set is its interactive barbecue timer, which perfectly replicates the classic barbecue scenes in the series of games. The timer is designed with an old version of the barbecue tool, equipped with LED flame light effects and game BGM, allowing you to experience the fun of hunting during the actual barbecue process. The rotating handle simulates flipped barbecue. After successfully baking, the voice prompt of "Baked!" will be played. The timer size is about 9.5cm (height) x 10.7cm (width) x 8cm (deep), built-in L

I understand users very much! Xiaomi SU7 owners can get Are U OK valve core cap for freeApr 13, 2025 pm 11:36 PM

Xiaomi Auto’s first anniversary celebration will give car owners a New Year gift! After the delivery volume exceeded 130,000 vehicles last year, Xiaomi Auto’s official Weibo announced that it will give Lei Jun’s classic quotation “AreyouOK?” to every Xiaomi SU7 owner and prospective owner. The number is limited and free to receive it! Activity time: 4 pm on December 28, 2024 to 23:59:59 on January 20, 2025. Users who purchase a car or complete an order before 23:59:59 on December 31, 2024 can get a set of four-piece "AreyouOK?" valve core caps for free. This valve core cap was first released in September this year and is made of bright yellow PVC and brass material. The brass core is directly embedded to ensure safe driving and not easy to fall off. Widely used,

The HDMI 2.2 standard is expected to be announced on the eve of 2025! 8K resolution is coming soonApr 13, 2025 pm 11:33 PM

It is reported that the HDMI2.2 standard is expected to be officially released on the eve of the 2025 CES exhibition. HDMIForum plans to announce this new generation of video signal transmission protocol specifications on January 6. The HDMI2.1 standard released in 2017 has a maximum bandwidth of 48Gbps, supports 4K144Hz and 8K30Hz video transmission, and can be up to 10K120Hz with DSC technology. HDMI2.2 is expected to significantly increase bandwidth, support higher resolution and refresh rate, and adopt new wires. Although the specific specifications have not been disclosed yet, HDMI2.2 will inevitably surpass the 48Gbps bandwidth and 10240*4320 resolution limit of HDMI2.1. Given that DisplayPort2.1 is at 20

See all articles