Last updated on September 21st, 2021 at 11:02 am
NGINX allows you to Whitelist IP addresses as well as IP ranges to your website, and allow access to only specific people in your business. Here’s how to whitelist IP in NGINX. We will also look at how to whitelist IP range for domain, subdomain and URL. This is useful if your website contains sensitive information that you don’t want to share publicly, and for corporate websites.
How To Whitelist IP in Nginx
Here are the steps to whitelist IP in NGINX.
1. Open NGINX configuration file
If you are using NGINX’s main configuration file nginx.conf, without virtual hosts, then run the following command
$ sudo vi /etc/nginx/nginx.conf
If you have configured separate virtual hosts for your website (e.g www.example.com), such as /etc/nginx/sites-enabled/example.conf then open its configuration with the following command
$ sudo vi /etc/nginx/sites-enabled/example.conf
Bonus Read : How to Redirect URL to Another Domain in NGINX
2. Whitelist IP in NGINX
There are multiple ways to whitelist IP in NGINX. We will look at each of them. If you want to whitelist IP 45.43.23.21 for domain or your entire website, you can add the following lines in your configuration file.
allow 45.43.23.21; deny all;
The above lines will make NGINX deny all except IP 45.43.23.21. The first line allow 45.43.23.21 will allow access from that IP. deny all will block all other IPs.
Whitelist IP in NGINX for domain
Add the above lines in any of the http, server or location / blocks as shown below
http{
...
allow 45.43.23.21;
deny all;
...
}
server{
...
allow 45.43.23.21;
deny all;
...
}
location / {
allow 45.43.23.21;
deny all;
}
Bonus Read : How to Change NGINX Port Number
Whitelist IP in NGINX for subdomain
Let’s say you have two subdomains (blog.example.com and articles.example.com) with their NGINX config files at /etc/nginx/sites-enabled/blog.conf and /etc/nginx/sites-enabled/articles.conf
If you want to whitelist IP in NGINX for only 1 subdomain (e.g blog.example.com) then place the above-mentioned 2 lines in blog.conf file of that subdomain
$ sudo vim /etc/nginx/sites-enabled/blog.conf
server {
server blog.example.com;
allow 45.43.23.21;
deny all;
}
If you want to whitelist IP in both subdomains, then add the 2 lines in both blog.conf and articles.conf files.
Bonus Read : How to Rewrite URL Parameters in NGINX
Whitelist IP range in NGINX
If you want to allow an IP range such as 45.43.23.0 – 45.43.23.255, then use the CIDR format for your IP range, since NGINX accepts only IP addresses and CIDR formats. You can get the CIDR for your IP address range using IP to CIDR tools.
location / {
allow 45.43.23.0/24;
deny all;
}
Whitelist IP in NGINX for URL
If you want to whitelist IP for just one URL (e.g /accounts/login) then add the above allow directive in location block of that URL.
location /accounts/login {
allow 45.43.23.21;
deny all;
}
Bonus Read : How to Move Web Root in NGINX
Whitelist Multiple IP in NGINX
If you want to whitelist multiple IP in NGINX to allow access to multiple IP addresses, just add multiple allow directives as shown below, one for each IP
allow 45.43.23.21; allow 44.23.13.10; deny all;
You can also combine IP and CIDR ranges together, as shown below
If you want to whitelist multiple IP in NGINX to allow access to multiple IP addresses, just add multiple allow directives as shown below, one for each IP
allow 44.23.13.10; allow 45.43.23.0/24; deny all;
3. Restart NGINX
Run the following command to check syntax of your updated config file.
$ sudo nginx -t
If there are no errors, run the following command to restart NGINX server.
$ sudo service nginx reload #debian/ubuntu $ systemctl restart nginx #redhat/centos
That’s it! Now NGINX will allow access to only those IP addresses and ranges mentioned in your configuration file.
By the way, if you want to create charts & dashboards to monitor your business or website, you can try Ubiq. We offer a 14-day free trial.
Sreeram Sreenivasan is the Founder of Ubiq. He has helped many Fortune 500 companies in the areas of BI & software development.