SHINCHVEN'S HEXO

Setup An IP Whitelist With Nginx

Nginx IP whitelist
Count: 231Reading time: 1 min
2017/03/10 Share

Basic Configuration

Define a common IP whitelist conf to be included

/etc/nginx/conf.d/shared/ipwhitelist.conf
1
2
3
4
5
6
deny 192.168.1.1;       # deny the actual IP address
allow 127.0.0.1;        # allow the actual IP address to access such as 127.0.0.1 for localhost
allow 192.168.0.0/16;   # allow IP addresses in range
allow 172.16.0.0/16;
allow 10.10.0.0/16;
deny all;               # deny the rest of the world

Include the IP whitelist to your app’s conf

/etc/nginx/conf.d/your.conf
1
2
3
server{
   include /etc/nginx/conf.d/shared/ipwhitelist.conf
}

How to define IP in range

RFC1918 name IP address range Number of addresses Largest CIDR block (subnet mask) Host ID size Mask bits Classful description
24-bit block 10.0.0.0 – 10.255.255.255 16777216 10.0.0.0/8 (255.0.0.0) 24 bits 8 bits single class A network
20-bit block 172.16.0.0 – 172.31.255.255 1048576 172.16.0.0/12 (255.240.0.0) 20 bits 12 bits 16 contiguous class B networks
16-bit block 192.168.0.0 – 192.168.255.255 65536 192.168.0.0/16 (255.255.0.0) 16 bits 16 bits 256 contiguous class C networks

See Wikipedia: https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses

author: SHINCHVEN

permalink: https://atlassc.net/2017/03/10/ip-whitelist-with-nginx/

date: Fri Mar 10 2017 20:59:12 GMT+0800 (China Standard Time)

updated: Fri May 29 2020 20:51:48 GMT+0800 (China Standard Time)

license: Attribution-NonCommercial 4.0 International (CC BY-NC 4.0) - 知识共享署名-非商业性使用 4.0 国际许可协议

CATALOG
  1. 1. Basic Configuration
    1. 1.1. Define a common IP whitelist conf to be included
    2. 1.2. Include the IP whitelist to your app’s conf
  2. 2. How to define IP in range
Total : 39
2020
2019
2018
2017
2013
2010
2007
2000
AirPods Pro Apple accessory Aliyun Maven mirror Bandwagonhost VPS Screenshot macOS Windows GitLab docker docker-compose GitLab-runner Nginx Certbot SSL react vue chrome extension Android gitlab-runner gitlab pipeline subtitle VLAN media player VLC RSS Google reader generate artifact OnePlus 8 Series HydrogenOS OxygenOS Android 11 Developer Preview JWT JSONWebToken 微信小程序 Base64 IP whitelist diff defaultChecked Checkbox Ant design MySQL Character Set Collation Evernote 印象笔记国际版 OneNote GFW RecyclerView GHOST IN THE SHELL 2-step authentication 2FA NAS OracleCloud PowerDVD Blu-ray puppeteer commandline terminal DevOps download pending problem Ant Design getFieldDecorator Form User guide Windows Terminal Ant Design Pro i18n FeathersJS FeathersJS client HTTP RESTful CRUD Chinese Translation Community Android Storage Access Framework