Nginx: Blocking by IP list

Blocking IP in Nginx
Андрей Васенин

Андрей Васенин

Автор статьи. Сфера интересов: ИТ-специалист (программирование, администрирование, DBA). Кандидат экономических наук. Подробнее .

In this article, we will look at how to block unwanted IP addresses in the Nginx web server. So, step by step instructions:

1. Open the file /etc/nginx/nginx.conf for editing and add after http {

http {
    include /etc/nginx/blockips.conf;

where /etc/nginx/ is the path to the blockips.conf file from the server root.

2. Create a text file blockips.conf with UTF-8 encoding on the locale in Notepad ++ (or in any other text editor).

3. Add a list of blocked IP addresses to the file according to the example (such options are possible):

deny 31.220.61.77;
deny 185.84.148.0/22;
deny 2a02:748:b000:3:a87a:866d:94f0:ffbe;
deny 2a02:748:b000:3:a87a:866d:94f0:ffbe/22;

Note! You can use ready-made (collected by special services) lists of unwanted (spam) addresses:

1) Spam IP for the last 10 days - a ready-made list: https://ru.myip.ms/files/blacklist/csf/latest_blacklist.txt

2) Recently spam IPs added manually by users - a ready-made list: https://ru.myip.ms/files/blacklist/csf/latest_blacklist_users_submitted.txt 

To quickly edit the lists downloaded above, use the text editor Notapad ++:
- press Ctrl + H to open the automatic replacement window.
- check the Extended checkbox in the replacement window.
- then replace \r with;
- then replace \n with \ndeny(space)
- to get like this:
deny 46.101.204.143;
deny 55.101.204.143/21;

Additional tools to create a list of blocked IP addresses:

3) Network calculator: http://ru.smart-ip.net/calculator#ipv4

4) IP to CIDR: http://ip2cidr.com/bulk-ip-to-cidr-converter.php

5) Creating a list of IPs in CIDR format by country: http://software77.net/geo-ip/  (on the right, there are Country IP listing blocks, select a country and CIDR).

4. Upload blockips.conf to the server via ssh, give it CMOD 644 rights through any ssh file manager:

CMOD 644 /etc/nginx/blockips.conf

5. Restart Nginx, for example, like this:

service nginx restart

or

systemctl restart nginx

6. Update the list periodically, at least once a month.

Note! Added a sample file with a list of spam IPs and also adding the country Ukraine below (adding Ukraine greatly reduced the number of spammers on my sites, but this is purely individual).

Вас заинтересует / Intresting for you:

Configuring and Using Joomla w...
Configuring and Using Joomla w... 164 views Гвен Sun, 20 Mar 2022, 07:00:05
 Setup and configuring Django ...
Setup and configuring Django ... 242 views Гвен Wed, 06 Apr 2022, 17:58:18
Configuring and Using Magento ...
Configuring and Using Magento ... 157 views Гвен Sun, 20 Mar 2022, 07:00:30
Configuring NGINX for WordPres...
Configuring NGINX for WordPres... 277 views Гвен Sun, 20 Mar 2022, 07:01:55

Comments (0)

There are no comments posted here yet

Leave your comments

  1. Posting comment as a guest. Sign up or login to your account.
0 Characters
Attachments (0 / 3)
Share Your Location
Type the text presented in the image below