Blocking by IP list via Nginx.conf

Blocking by IP list via Nginx.conf

1. Open the file /etc/nginx/nginx.conf for editing and add after http {

include /etc/nginx/blockips.conf;

    
    where /etc/nginx/ is the path to the blockips.conf file from the server root.

http {
    include /etc/nginx/blockips.conf;

    
2. Create a text file blockips.conf with UTF-8 encoding on the locale in Notepad ++.

3. Add a list of blocked IP addresses to the file according to the sample (the following options are possible):

deny 31.220.61.77;
deny 185.84.148.0/22;
deny 2a02:748:b000:3:a87a:866d:94f0:ffbe;
deny 2a02:748:b000:3:a87a:866d:94f0:ffbe/22;

Note:
    Tools for creating a list of blocked IP addresses:
    
    1) Spam-IP for the last 10 days - a ready-made list: 
   https://ru.myip.ms/files/blacklist/csf/latest_blacklist.txt
    
    2) Spam-IP for the last time added manually by users - ready-made list: https://ru.myip.ms/files/blacklist/csf/latest_blacklist_users_submitted.txt
    
    To quickly edit the lists downloaded above, use the text editor Notapad ++:
        - press Ctrl + H to open the automatic replacement window.
        - check the Extended checkbox in the replacement window.
        - then replace \r with ;
        - then replace \n with \ndeny(space)
        - to get it like this: 
          deny 46.101.204.143;
          deny 55.101.204.143/21;
    
    Additional tools for creating a list of blocked IP addresses:
    3) Network calculator: http://ru.smart-ip.net/calculator#ipv4
    4) IP to CIDR: http://ip2cidr.com/bulk-ip-to- cidr-converter.php
    5) Creating a list of IPs in CIDR format by country: http://software77.net/geo-ip/ (on the right, there are Country IP listing blocks, select a country and CIDR).
    
4. Upload blockips.conf to the server via ssh, give it CMOD 644 rights through any ssh file manager.

5. Restart Nginx, for example, like this: service nginx restart

6. Update the list periodically, at least once a month.

PS Added a sample file with a list of spam IPs and also adding the country Ukraine below (adding Ukraine greatly reduced the number of spammers on my sites, but this is purely individual).

Fresh blacklist for Nginx:

blockips.conf

 

Вас заинтересует / Intresting for you:

Working with firewalls in Linu...
Working with firewalls in Linu... 527 views Zero Cool Tue, 10 Aug 2021, 18:05:14
Troubleshooting SELinux issues
Troubleshooting SELinux issues 762 views Zero Cool Wed, 21 Jul 2021, 19:22:08
Fail2ban and Nginx: block unwa...
Fail2ban and Nginx: block unwa... 825 views Игорь Воронов Thu, 07 Oct 2021, 10:25:45
The /etc/shadow File in Linux
The /etc/shadow File in Linux 1335 views Mike Sun, 07 Feb 2021, 08:57:45

Comments (0)

There are no comments posted here yet

Leave your comments

  1. Posting comment as a guest. Sign up or login to your account.
0 Characters
Attachments (0 / 3)
Share Your Location
Type the text presented in the image below