Hi all,
I need to deny users by ip. I assume we need to do something like this
location / {
# block one workstation
deny 192.168.1.1;
# allow anyone in 192.168.1.0/24
allow 192.168.1.0/24;
# drop rest of the world
deny all;
}
But how can I pass on the list of ips from a file? A file which will get
udated from time to time.
Can I pass the ips something like this
deny /tmp/iplist.txt;
Will Nginx refresh the ip list in memory if the file gets changed?
-Quintin
on 2012-10-11 07:56
on 2012-10-11 12:04
On 11.10.2012 09:50, Quintin Par wrote: > allow 192.168.1.0/24 <http://192.168.1.0/24>; > Can I pass the ips something like this > > deny /tmp/iplist.txt; If list of IP to block is really big, then better to use geo module instead allow/deny: http://nginx.org/en/docs/http/ngx_http_geo_module.html geo $denyed_host { default 1; include /tmp/iplist.txt; } ... if ($denyed_host) { return 403; } iplist.txt should contain lines like: 192.168.1.0/24 0; 192.168.1.1/32 1; After update of /tmp/iplist.txt you should reconfigure nginx (e. g. run nginx -s reload). -- Anton Yuzhaninov
on 2012-10-11 12:56
http://bash.cyberciti.biz/web-server/nginx-shell-s... Posted at Nginx Forum: http://forum.nginx.org/read.php?2,231617,231642#msg-231642
on 2012-10-11 13:03
On 11 Out 2012 12h55 CEST, nginx-forum@nginx.us wrote: > http://bash.cyberciti.biz/web-server/nginx-shell-s... Also a shameless plug - I leave the server handling to be done à la carte :) https://github.com/perusio/nginx-spamhaus-drop This creates a file to be used by the geo directive. --- appa > Posted at Nginx Forum:
Enable email notification
Enable multi-page viewPlease log in before posting. Registration is free and takes only a minute.
Existing account
(Switch to SSL-encrypted connection)
NEW: Do you have a Google/GoogleMail or Yahoo account? No registration required!
Log in with Google account | Log in with Yahoo account
Log in with Google account | Log in with Yahoo account
No account? Register here.