Setup An IP Whitelist With Nginx
Basic Configuration
Define a common IP whitelist conf to be included
Edit /etc/nginx/conf.d/shared/ipwhitelist.conf
deny 192.168.1.1; # deny the actual IP address
allow 127.0.0.1; # allow the actual IP address to access such as 127.0.0.1 for localhost
allow 192.168.0.0/16; # allow IP addresses in range
allow 172.16.0.0/16;
allow 10.10.0.0/16;
deny all; # deny the rest of the world
Include the IP whitelist to your app's conf
Edit /etc/nginx/conf.d/your.conf
server{
include /etc/nginx/conf.d/shared/ipwhitelist.conf
}
How to define IP in range
| RFC1918 name | IP address range | Number of addresses | Largest CIDR block (subnet mask) | Host ID size | Mask bits | Classful description |
|---|---|---|---|---|---|---|
| 24-bit block | 10.0.0.0 – 10.255.255.255 | 16777216 | 10.0.0.0/8 (255.0.0.0) | 24 bits | 8 bits | single class A network |
| 20-bit block | 172.16.0.0 – 172.31.255.255 | 1048576 | 172.16.0.0/12 (255.240.0.0) | 20 bits | 12 bits | 16 contiguous class B networks |
| 16-bit block | 192.168.0.0 – 192.168.255.255 | 65536 | 192.168.0.0/16 (255.255.0.0) | 16 bits | 16 bits | 256 contiguous class C networks |
See Wikipedia: https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses