Deny ips, and pick ips from a file

Hi all,

I need to deny users by ip. I assume we need to do something like this

location / {

block one workstation

deny 192.168.1.1;

allow anyone in 192.168.1.0/24

allow 192.168.1.0/24;

drop rest of the world

deny all;

}

But how can I pass on the list of ips from a file? A file which will get
udated from time to time.

Can I pass the ips something like this

deny /tmp/iplist.txt;

Will Nginx refresh the ip list in memory if the file gets changed?

-Quintin

On 11.10.2012 09:50, Quintin P. wrote:

allow 192.168.1.0/24 http://192.168.1.0/24;
Can I pass the ips something like this

deny /tmp/iplist.txt;

If list of IP to block is really big, then better to use geo module
instead
allow/deny: http://nginx.org/en/docs/http/ngx_http_geo_module.html

geo $denyed_host {
default 1;
include /tmp/iplist.txt;
}

if ($denyed_host) {
return 403;
}

iplist.txt should contain lines like:

192.168.1.0/24 0;
192.168.1.1/32 1;

After update of /tmp/iplist.txt you should reconfigure nginx (e. g. run
nginx -s
reload).


Anton Y.

http://bash.cyberciti.biz/web-server/nginx-shell-script-to-block-spamhaus-lasso-drop-spam-ip-address/

Posted at Nginx Forum:
http://forum.nginx.org/read.php?2,231617,231642#msg-231642

Thanks Antonio. This bonus is so good.

On 11 Out 2012 12h55 CEST, [email protected] wrote:

http://bash.cyberciti.biz/web-server/nginx-shell-script-to-block-spamhaus-lasso-drop-spam-ip-address/

Also a shameless plug - I leave the server handling to be done à la
carte :slight_smile:

https://github.com/perusio/nginx-spamhaus-drop

This creates a file to be used by the geo directive.

— appa

Posted at Nginx Forum:

This forum is not affiliated to the Ruby language, Ruby on Rails framework, nor any Ruby applications discussed here.

| Privacy Policy | Terms of Service | Remote Ruby Jobs