Home / server / Questions / 696960
Accepted
wadge
Asked: 2015-06-06 10:17:09 +0800 CST

Block Nginx for everyone except office IP

  • 772

Is it possible to configure nginx so that ALL websites are only accessible from the office IP address only?

This is a development server that, on some sites (too many to block one by one) accidentaly has some views and activity going and I want to block everyones' access except the people in the office which come from the office IP.

Is there any way to that?

nginx

4 Answers

  1. Best Answer

    Why it needs firewall? allow/deny directives can be used not only in location sections, but in http section too.

    http {
  allow 192.168.1.10; # office ip
  deny all;

  server {
    server_name acme1.com;
    # ...
  }

  server {
    server_name acme2.com;
    # ...
  }

}
    • 8

  2. Sounds more like a work for a firewall. Assuming you are running Linux you could use iptables.

    iptables -A INPUT -p tcp --src source_address --dport destination_port -j ACCEPT
iptables -A INPUT -p tcp --dport destination_port -j DROP
    • 1

  3. I'd use iptables to block port 80 for all IPs except your office.

    • 0

  4. As mentionned, iptables is an option.

    As an alternative you can use the Nginx ngx_http_access_module to restrict access.

    E.g assuming your office network is 192.168.1.0/24 :

    location / {
    allow 192.168.1.0/24; # Office network
    deny  all;
    ...
    ...
}

    Or

    location / {
    allow 192.168.1.10; # James
    allow 192.168.1.11; # John
    deny  all;
    ...
    ...
}

    Note : using this approach, users with IPs not allowed will get a 403, not a "site unreachable".

    http://nginx.org/en/docs/http/ngx_http_access_module.html

    • 0