site logo

Stacknatic

Stacknatic logo

We Care About Your Privacy

Stacknatic utilizes technologies, such as cookies, to enhance your browsing experience. By using this technology, you can be provided with a more personalized and seamless interaction with this website. By continuing, you agree with the Privacy Policy of Stacknatic.

Privacy Policy | Terms of Use
Home/blog/How to block an IP address in Nginx

How to block an IP address in Nginx

featured image for How to block an IP address in Nginx

Published on: March 12, 2024 (Updated on: July 14, 2024)

Blocking an IP address or a range of IP addresses using Nginx involves modifying the Nginx configuration file for your server block (often found in '/etc/nginx/sites-available/' directory on Linux systems).

Here's how to block specific IPs:

 1. Single IP Address Blocking
If you want to block a specific IP address, add the deny directive to the server section of your nginx configuration file like in the example below:

location / {
    deny 123.45.67.89; // this directive will block the provided IP address, in this case (123.45.67.89). Replace the IP address with the one you wish to block.
    allow all; // this would allow all other IP address. This line is optional because other IPs would usually be allowed unless specifically blocked.

}

 2. Blocking Multiple IP Addresses
If you want to block multiple specific IP addresses, you can add a 'deny' line for each IP address like so:

location / {
    deny 123.45.67.89;
    deny 98.76.54.32;
}

 3. Blocking an IP Range
If you want to block a range of IP addresses, you can use Classless Inter-Domain Routing (CIDR) notation. For example, to block a range of IPs from '123.45.67.0' to '123.45.67.255':

location / {
    deny 123.45.67.0/24;
}

 Steps to Apply the Changes
After making the changes, you will need to:

- Save your configuration file. Make sure you edit the file with root permissions (using sudo if necessary).

- Test the Nginx configuration for syntax errors by running:

sudo nginx -t

- Reload Nginx to apply the changes without downtime:

sudo systemctl reload nginx

Or restart Nginx (this might cause brief downtime):

sudo systemctl restart nginx

 Important Considerations:

- Location of 'deny' and 'allow' Directives: While the example uses the 'location / { ... }' block to apply the IP bans to the entire site, you can also use these directives within other `location` blocks or the `server` block as needed.

- Order Matters: The `order` of `allow` and `deny` directives is essential. Typically, Nginx processes these rules sequentially and follows a "last match wins" logic.

- Avoiding Unintended Blocks: Be cautious when blocking IP ranges, as this can potentially block legitimate users.

- Dynamic IPs: Keep in mind that if the user you're trying to block has a dynamic IP address (changes frequently), blocking their IP might only be a temporary solution.

Remember, IP-based blocking is most effective against basic attacks or nuisances. More sophisticated abusers often find ways around IP blocks, such as using VPNs, proxies, or botnets with diverse IP ranges.

See more posts in Web Server Tech
Author:author's avatarMichael

Recommended Posts

featured image for How to Create a Django Web App (with Custom User Model)

How to Create a Django Web App (with Custom User Model)

Learn how to create a Django web app with a custom user model, covering setup and the essential steps to tailor your application to your needs.

featured image for CSRF Attack and Implications Explained in Simple Terms With Example

CSRF Attack and Implications Explained in Simple Terms With Example

An explanation of Cross-Site Request Forgery (CSRF) attack, its implications, and effective strategies to protect web applications from unauthorized actions.

featured image for How to Trap Focus in Next.js and React

How to Trap Focus in Next.js and React

Trapping focus ensures that keyboard users can navigate your component without losing focus elsewhere on the page. Learn how to trap focus in React and Next.js.

featured image for How to Implement Debouncing in Next.js

How to Implement Debouncing in Next.js

Debouncing can be used to prevent performance issues or data inaccuracies that may arise from multiple component renderings or repetitive user actions.

featured image for Mutable vs Immutable Data in JavaScript and React.js

Mutable vs Immutable Data in JavaScript and React.js

In programming, data structures can generally be classified as either mutable or immutable. Here is a simplified explanation of both in JavaScript and React.js.