SHINCHVEN'S HEXO

Setup An IP Whitelist With Nginx

Count: 231Reading time: 1 min
2017/03/10 Share

Basic Configuration

Define a common IP whitelist conf to be included

/etc/nginx/conf.d/shared/ipwhitelist.conf
1
2
3
4
5
6
deny 192.168.1.1;       # deny the actual IP address
allow 127.0.0.1; # allow the actual IP address to access such as 127.0.0.1 for localhost
allow 192.168.0.0/16; # allow IP addresses in range
allow 172.16.0.0/16;
allow 10.10.0.0/16;
deny all; # deny the rest of the world

Include the IP whitelist to your app’s conf

/etc/nginx/conf.d/your.conf
1
2
3
server{
include /etc/nginx/conf.d/shared/ipwhitelist.conf
}

How to define IP in range

RFC1918 name IP address range Number of addresses Largest CIDR block (subnet mask) Host ID size Mask bits Classful description
24-bit block 10.0.0.0 – 10.255.255.255 16777216 10.0.0.0/8 (255.0.0.0) 24 bits 8 bits single class A network
20-bit block 172.16.0.0 – 172.31.255.255 1048576 172.16.0.0/12 (255.240.0.0) 20 bits 12 bits 16 contiguous class B networks
16-bit block 192.168.0.0 – 192.168.255.255 65536 192.168.0.0/16 (255.255.0.0) 16 bits 16 bits 256 contiguous class C networks

See Wikipedia: https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses

CATALOG
  1. 1. Basic Configuration
    1. 1.1. Define a common IP whitelist conf to be included
    2. 1.2. Include the IP whitelist to your app’s conf
  2. 2. How to define IP in range