Setup An IP Whitelist With Nginx

ShīnChvën

Wants to Accomplish Wonders

Home Tags Channel Donate Me

Created by ShinChven

ShinChven's Blog

ShīnChvën

Wants to Accomplish Wonders

Home Tags Channel Donate Me

Created by ShinChven

Setup An IP Whitelist With Nginx

IP whitelist, Nginx

Fri Mar 10 2017

Basic Configuration

Define a common IP whitelist conf to be included

Edit /etc/nginx/conf.d/shared/ipwhitelist.conf

deny 192.168.1.1;       # deny the actual IP address
allow 127.0.0.1;        # allow the actual IP address to access such as 127.0.0.1 for localhost
allow 192.168.0.0/16;   # allow IP addresses in range
allow 172.16.0.0/16;
allow 10.10.0.0/16;
deny all;               # deny the rest of the world

Include the IP whitelist to your app's conf

Edit /etc/nginx/conf.d/your.conf

server{
   include /etc/nginx/conf.d/shared/ipwhitelist.conf
}

How to define IP in range

RFC1918 name	IP address range	Number of addresses	Largest CIDR block (subnet mask)	Host ID size	Mask bits	Classful description
24-bit block	10.0.0.0 – 10.255.255.255	16777216	10.0.0.0/8 (255.0.0.0)	24 bits	8 bits	single class A network
20-bit block	172.16.0.0 – 172.31.255.255	1048576	172.16.0.0/12 (255.240.0.0)	20 bits	12 bits	16 contiguous class B networks
16-bit block	192.168.0.0 – 192.168.255.255	65536	192.168.0.0/16 (255.255.0.0)	16 bits	16 bits	256 contiguous class C networks

See Wikipedia: https://en.wikipedia.org/wiki/Private_network#Private_IPv4_addresses