In this article, we will look at how to block unwanted IP addresses in the Nginx web server. So, step by step instructions:
1. Open the file /etc/nginx/nginx.conf
for editing and add after http {
http {
include /etc/nginx/blockips.conf;
where /etc/nginx/
is the path to the blockips.conf file from the server root.
2. Create a text file blockips.conf
with UTF-8 encoding on the locale in Notepad ++ (or in any other text editor).
3. Add a list of blocked IP addresses to the file according to the example (such options are possible):
deny 31.220.61.77;
deny 185.84.148.0/22;
deny 2a02:748:b000:3:a87a:866d:94f0:ffbe;
deny 2a02:748:b000:3:a87a:866d:94f0:ffbe/22;
Note! You can use ready-made (collected by special services) lists of unwanted (spam) addresses:
1) Spam IP for the last 10 days - a ready-made list: https://ru.myip.ms/files/blacklist/csf/latest_blacklist.txt
2) Recently spam IPs added manually by users - a ready-made list: https://ru.myip.ms/files/blacklist/csf/latest_blacklist_users_submitted.txt
To quickly edit the lists downloaded above, use the text editor Notapad ++:
- pressCtrl + H
to open the automatic replacement window.
- check the Extended checkbox in the replacement window.
- then replace\r
with;
- then replace\n
with\ndeny(space)
- to get like this:
deny 46.101.204.143;
deny 55.101.204.143/21;
Additional tools to create a list of blocked IP addresses:
3) Network calculator: http://ru.smart-ip.net/calculator#ipv4
4) IP to CIDR: http://ip2cidr.com/bulk-ip-to-cidr-converter.php
5) Creating a list of IPs in CIDR format by country: http://software77.net/geo-ip/ (on the right, there are Country IP listing blocks, select a country and CIDR).
4. Upload blockips.conf
to the server via ssh, give it CMOD 644
rights through any ssh file manager:
CMOD 644 /etc/nginx/blockips.conf
5. Restart Nginx, for example, like this:
service nginx restart
or
systemctl restart nginx
6. Update the list periodically, at least once a month.
Note! Added a sample file with a list of spam IPs and also adding the country Ukraine below (adding Ukraine greatly reduced the number of spammers on my sites, but this is purely individual).