How to block/allow IP-addresses in Nginx

Hypernode makes use of Nginx (pronunciation: ‘Engine X’). Nginx performs better than Apache for the same number of visitors, which allows us to serve your webshop to more visitors than Apache could. Nginx does not use .htaccess files like Apache. This means that configuration previously done in .htaccess files now has to be done in a different format.

Blocking and allowing IP-addresses is done using the access module.

Denying certain addresses across the site

To deny all access from certain addresses, create a file in /data/web/nginx named server.blacklist, with the following contents:

deny 1.2.3.4; # Deny a single IP
deny 5.6.7.0/24; # Deny an IP range

Denying everyone across the site, except for certain addresses

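To deny all access except from certain addresses, add a file named server.whitelist with the following contents. Nginx checks allow and deny rules in order and stops at the first match, so the allow lines must come before deny all: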

allow 1.2.3.4; # Allow a single remote host
deny all; # Deny everyone else
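
To check a blacklist or whitelist file before deploying it, the sketch below parses allow/deny lines and applies the access module's first-match-wins evaluation to a client address. It is an added example, not Hypernode's tooling; the function names, the misordered sample and the 203.0.113.7 test address are assumptions made for illustration.

```python
import ipaddress
import re

# One directive per line: "allow|deny <address | CIDR | all>;" (the forms used on this page).
RULE_RE = re.compile(r"^(allow|deny)\s+(\S+?)\s*;$")

def parse_rules(text):
    """Return [(action, network)] in file order; network is None for 'all'."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments and whitespace
        if not line:
            continue
        m = RULE_RE.match(line)
        if not m:
            raise ValueError(f"line {lineno}: not an allow/deny directive: {raw!r}")
        action, target = m.groups()
        net = None if target == "all" else ipaddress.ip_network(target, strict=False)
        rules.append((action, net))
    return rules

def decide(rules, client_ip):
    """Rules are checked in order and the first match wins; no match means allowed."""
    ip = ipaddress.ip_address(client_ip)
    for action, net in rules:
        if net is None or ip in net:
            return action
    return "allow"

# Constructed inputs: the two files from this page plus a misordered whitelist.
BLACKLIST = "deny 1.2.3.4; # Deny a single IP\ndeny 5.6.7.0/24; # Deny an IP range\n"
WHITELIST = "allow 1.2.3.4; # Allow a single remote host\ndeny all; # Deny everyone else\n"
MISORDERED = "deny all;\nallow 1.2.3.4;\n"

if __name__ == "__main__":
    for name, text in [("blacklist", BLACKLIST), ("whitelist", WHITELIST),
                       ("misordered", MISORDERED)]:
        rules = parse_rules(text)
        # 203.0.113.7 is a documentation address standing in for "anyone else".
        for ip in ("1.2.3.4", "5.6.7.200", "203.0.113.7"):
            print(f"{name:10} {ip:12} -> {decide(rules, ip)}")
```

With the misordered sample, 1.2.3.4 is denied because deny all matches first, which is the mistake this check is meant to catch.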

Denying or allowing only a specific location

To restrict a specific directory or request to certain addresses and deny everybody else, create a file called server.private-dir containing:

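location ^~ /myadmin {            # Prefix match on /myadmin; regex locations are not checked
    allow 1.2.3.4;                # Allow a single remote host
    deny all;                     # Deny everyone else
    rewrite / /index.php break;   # Rewrite the request URI to /index.php
    echo_exec @phpfpm;            # Hand the request to the @phpfpm named location
}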

Denying access to your staging environment

If you want to allow only a specific IP address to access your staging area, you can add the following snippet to a file named staging.whitelist, replacing yourdomain.hypernode.io with your base URL and YOURIP with the desired IP address.

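# Nginx "if" cannot combine two conditions, so each test appends a letter to a flag variable.
if ($http_host ~ "yourdomain.hypernode.io:8443") {
    set $block_me_now A;                    # Request is for the staging host
}
if ($remote_addr != YOURIP) {
    set $block_me_now "${block_me_now}B";   # Client is not the allowed address
}
if ($block_me_now = AB) {                   # Both conditions hold: staging host, other client
    return 403;
    break;
}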