Mikko Ohtamaa

Asked: 2014-06-07 02:04:30 +0800 CST2014-06-07 02:04:30 +0800 CST 2014-06-07 02:04:30 +0800 CST

Nginx and dynamic X-Forwarded-For blocklist

I am running Nginx behind a proxy. I am getting visitors' real IP addresses through X-Forwarded-For HTTP request header. I'd like to block individual IPs based on a dynamic block list, up to 10000+ IPs.

I was looking into ModSecurity to do this, but it looks too complex with very arcane and brittle configuration language just for doing IP blocking. What other alternatives there are?

Also, it is viable to generate Nginx rules configuration (ip-blocklist.conf) for the inclusion in the main Nginx config e.g. for every 5 minutes and then gracefully restart Nginx? How scaleable are Nginx rules e.g. up to 10k entries?

Nginx and dynamic X-Forwarded-For blocklist

Can you pass user/pass for HTTP Basic Authentication in URL parameters?

Ping a Specific Port

Check if port is open or closed on a Linux server?

How to automate SSH login with password?

How do I tell Git for Windows where to find my private RSA key?

What's the default superuser username/password for postgres after a new install?

What port does SFTP use?

Command line to list users in a Windows Active Directory group?

What is a Pem file and how does it differ from other OpenSSL Generated Key File Formats?

How to determine if a bash variable is empty?

Nginx and dynamic X-Forwarded-For blocklist

0 Answers