How to Whitelist IP in Nginx

How to Whitelist IP in Nginx in 2021

What is Nginx?

Nginx is a web server that is commonly used as a reverse proxy, mail proxy, load balancer, and HTTP cache. It was initially released on October 4th, 2004, and since then, it has gained a strong reputation among the web community.

According to a web server survey in 2016, Nginx was the second-most widely used web server in the category of ‘active’ sites. As of February 2020, Netcraft estimated that Nginx served at least 36.48% of all active websites ranked, placing it first above Apache at 24.51%.

How Does Nginx Work?

Nginx is designed to offer low memory usage and high concurrency. On the web, several requests are made each second. Nginx uses an asynchronous, event-driven approach in which requests are handled within a single thread, rather than generating a new process for each web request that comes its way.

Some noticeable features seen in Nginx include:

  • Reverse proxy
  • HTTP caching
  • Load balancing
  • IPv6
  • FastCGI support with caching
  • WebSockets
  • Handling of static files, index files, and auto-indexing

Steps to Whitelist IP in Nginx

1. Open NGINX configuration file

Run the following command if you are using NGINX’s main configuration file:

$ sudo vi /etc/nginx/nginx.conf

If you have configured separate virtual hosts for your website (e.g. www.example.com), then open its configuration with the following command:

$ sudo vi /etc/nginx/sites-enabled/example.conf

2. Whitelist IP in Nginx

For example, if you wish to whitelist IP 34.46.12.32 for a particular domain or a particular website, add the following lines to your configuration file:

allow 34.46.12.32;

deny all;

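With these two lines in place, Nginx denies every request except those coming from 34.46.12.32. Nginx checks allow and deny rules in the order they appear and stops at the first match, so deny all; must come after the allow lines.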

How to Whitelist IP in Nginx for a Domain

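Add the above lines to any of the http, server or location / blocks, as shown below. A rule in the http block applies to every site served by this Nginx instance, a rule in a server block applies to that virtual host, and a rule in a location block applies only to matching URLs.

http {

   …

   allow 34.46.12.32;

   deny all;

   …

}

server {

   allow 34.46.12.32;

   deny all;

}

location / {

   allow 34.46.12.32;

   deny all;

}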

How to Whitelist IP in Nginx for a Subdomain

Assume you have two subdomains (blog.xyz.com and news.xyz.com) with their Nginx config files at /etc/nginx/sites-enabled/blog.conf and /etc/nginx/sites-enabled/news.conf.

If you are looking to whitelist IP in Nginx for a single subdomain (blog.xyz.com) then add the above-mentioned 2 lines in blog.conf file of that subdomain.

$ sudo vim /etc/nginx/sites-enabled/blog.conf

In the file itself, add the following: 

server {

  server_name blog.xyz.com;

  allow 34.46.12.32;

  deny all;

}

If you are looking to whitelist IP for both subdomains, then add the 2 lines in both blog.conf and news.conf files. 

How to Whitelist IP Ranges in Nginx

Use the CIDR format for your IP range if you wish to allow an IP range such as 34.46.12.0 – 34.46.12.255. This is because Nginx accepts only IP addresses and CIDR formats. In CIDR notation, that range is written 34.46.12.0/24.

location / {

  allow 34.46.12.0/24;

  deny all;

}

How to Whitelist IP in Nginx for URL

If you wish to whitelist IP for just a single URL (e.g /accounts/login) then add the above allow directive in the location block of that URL.

location /accounts/login {

   allow 34.46.12.32;

   deny all;

}

How to Whitelist Multiple IPs in Nginx

If you want to allow access from multiple IP addresses in Nginx, add one allow directive for each IP, followed by deny all;

allow 34.46.12.32;

allow 34.46.12.10;

deny all;

You also have the option to combine IPs and CIDR ranges. Here’s an example:

allow 34.46.12.10;

allow 34.46.12.0/24;

deny all;
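Because the allow and deny rules are checked in order and the first match decides, a mistyped CIDR or a misplaced deny all; changes who gets in. The Python sketch below is an added example, not part of the original article or of Nginx itself; the function names parse_rules and decide are made up for illustration. It validates a rule list and simulates the first-match decision for a client address.

```python
import ipaddress

def parse_rules(config_text):
    """Parse allow/deny lines into [(action, network or "all")].

    Raises ValueError for anything that is not a single IP, a valid CIDR
    block or the keyword "all" (nginx's unix: form is not handled here).
    """
    rules = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        if not line.endswith(";"):
            raise ValueError(f"line {lineno}: missing ';'")
        parts = line[:-1].split()
        if len(parts) != 2 or parts[0] not in ("allow", "deny"):
            raise ValueError(f"line {lineno}: expected 'allow|deny <address>;'")
        action, target = parts
        if target != "all":
            try:
                # strict=False masks off host bits: 34.46.12.32/24 -> 34.46.12.0/24
                target = ipaddress.ip_network(target, strict=False)
            except ValueError as exc:
                raise ValueError(f"line {lineno}: {exc}") from None
        rules.append((action, target))
    return rules

def decide(rules, client_ip):
    """Return "allow" or "deny" for client_ip using first-match order."""
    ip = ipaddress.ip_address(client_ip)
    for action, target in rules:
        if target == "all" or ip in target:
            return action
    return "allow"   # nothing matched: no access rule blocks the request

# Constructed sample rule sets (addresses taken from the article's examples).
GOOD = "allow 34.46.12.10;\nallow 34.46.12.0/24;\ndeny all;"
MISORDERED = "deny all;\nallow 34.46.12.32;"

if __name__ == "__main__":
    for name, text in (("GOOD", GOOD), ("MISORDERED", MISORDERED)):
        rules = parse_rules(text)
        for client in ("34.46.12.32", "203.0.113.7"):
            print(name, client, decide(rules, client))
```

With the MISORDERED list, 34.46.12.32 is denied even though it has an allow line, because deny all; matches first.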

3. How to Restart Nginx

Run the command $ sudo nginx -t to check the syntax of your updated config file.

If you don’t come across any errors, run the following command to restart the Nginx server:

$ sudo service nginx reload #debian/ubuntu

$ sudo systemctl restart nginx #redhat/centos

That’s all it takes! You now have the entire process of whitelisting IP on Nginx, its IP ranges, and how to restart Nginx.

Ather Owais is a tech and cybersecurity enthusiast. He is a strong advocate for online privacy and security, following technological trends and their impact on today's digital era.
