DEV Community

Cover image for ngx whitelist/blacklist module
samnang rosady
samnang rosady

Posted on

ngx whitelist/blacklist module

Image description

The ngx whitelist/blacklist module in nginx provides a straightforward way to restrict or permit access to your server based on the IP address of the client making the request. You can define specific IP addresses or ranges in your configuration to either allow or deny access to your server resources.

  • ngx_http_geo_module

    http_geo_module module creates variables with values depending on the client IP address. That means $c_ip_addr set value from ip value in file.

    • /etc/nginx/ip_rules/ips.conf
    163.38.139.42       1;
    15.228.203.250      1;
    146.16.251.134      0;
    
    • /etc/nginx/sites-available/
    geo $c_ip_addr {
      default 0;
      include /etc/nginx/ip_rules/ips.conf;
    }
    
    server {
      listen 80;
      server_name _;
    
      if ($c_ip_addr = 0) {
        return 403;
      }
    
      location / {
    
      }
    }
    
  • Restricting Access ngx_http_access_module

    • /etc/nginx/ip_rules/ip_block_rules.conf
    allow 192.168.1.1;
    allow 10.10.10.0/24;
    allow 203.0.113.0/24;
    
    • /etc/nginx/sites-available/
    server {
      listen 80;
      server_name nest.ubuntu.com;
    
      include /etc/nginx/ip_rules/ip_block_rules.conf;
      deny all;
    
      location / {
    
      }
    }
    

Which to Use:

  • Use ngx_http_geo_module: when you need granular control over access based on various criteria, require dynamic updates, or need to manage a large number of IP addresses efficiently.
  • Use ngx_http_access_module directives: when you have a simple use case of allowing or denying access to specific IP addresses or ranges and want a straightforward solution without the need for complex rules.

GitHub Sample Repository ๐Ÿณ

Enjoy you practice ๐ŸŒŸ

Image of Timescale

๐Ÿš€ pgai Vectorizer: SQLAlchemy and LiteLLM Make Vector Search Simple

We built pgai Vectorizer to simplify embedding management for AI applicationsโ€”without needing a separate database or complex infrastructure. Since launch, developers have created over 3,000 vectorizers on Timescale Cloud, with many more self-hosted.

Read more

Top comments (0)

Image of Docusign

๐Ÿ› ๏ธ Bring your solution into Docusign. Reach over 1.6M customers.

Docusign is now extensible. Overcome challenges with disconnected products and inaccessible data by bringing your solutions into Docusign and publishing to 1.6M customers in the App Center.

Learn more

๐Ÿ‘‹ Kindness is contagious

Please leave a โค๏ธ or a friendly comment on this post if you found it helpful!

Okay