how to whitelist ip in nginx

How To Whitelist IP in Nginx

NGINX allows you to Whitelist IP addresses as well as IP ranges to your website, and allow access to only specific people in your business. Here’s how to whitelist IP in NGINX. We will also look at how to whitelist IP range for domain, subdomain and URL. This is useful if your website contains sensitive information that you don’t want to share publicly, and for corporate websites.

 

How To Whitelist IP in Nginx

Here are the steps to whitelist IP in NGINX.

1. Open NGINX configuration file

If you are using NGINX’s main configuration file nginx.conf, without virtual hosts, then run the following command

$ sudo vi /etc/nginx/nginx.conf

If you have configured separate virtual hosts for your website (e.g www.example.com), such as /etc/nginx/sites-enabled/example.conf then open its configuration with the following command

$ sudo vi /etc/nginx/sites-enabled/example.conf

 

Bonus Read : How to Redirect URL to Another Domain in NGINX

 

2. Whitelist IP in NGINX

There are multiple ways to whitelist IP in NGINX. We will look at each of them. If you want to whitelist IP 45.43.23.21 for domain or your entire website, you can add the following lines in your configuration file.

allow 45.43.23.21;
deny all;

The above lines will make NGINX deny all except IP 45.43.23.21. The first line allow 45.43.23.21 will allow access from that IP. deny all will block all other IPs.

 

Whitelist IP in NGINX for domain

Add the above lines in any of the http, server or location / blocks as shown below

http{
   ...
   allow 45.43.23.21;
   deny all;
   ...
}

server{
    ...
    allow 45.43.23.21;
    deny all;
    ...
}


location / {
   allow 45.43.23.21;
   deny all;
}

Bonus Read : How to Change NGINX Port Number

 

Whitelist IP in NGINX for subdomain

Let’s say you have two subdomains (blog.example.com and articles.example.com) with their NGINX config files at /etc/nginx/sites-enabled/blog.conf and /etc/nginx/sites-enabled/articles.conf

If you want to whitelist IP in NGINX for only 1 subdomain (e.g blog.example.com) then place the above-mentioned 2 lines in blog.conf file of that subdomain

$ sudo vim /etc/nginx/sites-enabled/blog.conf

 

server {
  server blog.example.com;
  allow 45.43.23.21;
  deny all;
}

If you want to whitelist IP in both subdomains, then add the 2 lines in both blog.conf and articles.conf files.

Bonus Read : How to Rewrite URL Parameters in NGINX

 

Whitelist IP range in NGINX

If you want to allow an IP range such as 45.43.23.0 – 45.43.23.255, then use the CIDR format for your IP range, since NGINX accepts only IP addresses and CIDR formats. You can get the CIDR for your IP address range using IP to CIDR tools.

location / {
  allow 45.43.23.0/24;
  deny all;
}

 

Whitelist IP in NGINX for URL

If you want to whitelist IP for just one URL (e.g /accounts/login) then add the above allow directive in location block of that URL.

location /accounts/login {
   allow 45.43.23.21;
   deny all;
}

Bonus Read : How to Move Web Root in NGINX

 

Whitelist Multiple IP in NGINX

If you want to whitelist multiple IP in NGINX to allow access to multiple IP addresses, just add multiple allow directives as shown below, one for each IP

allow 45.43.23.21;
allow 44.23.13.10;
deny all;

You can also combine IP and CIDR ranges together, as shown below

If you want to whitelist multiple IP in NGINX to allow access to multiple IP addresses, just add multiple allow directives as shown below, one for each IP

allow 44.23.13.10;
allow 45.43.23.0/24;
deny all;

 

3. Restart NGINX

Run the following command to check syntax of your updated config file.

$ sudo nginx -t

 

If there are no errors, run the following command to restart NGINX server.

$ sudo service nginx reload #debian/ubuntu
$ systemctl restart nginx #redhat/centos

 

That’s it! Now NGINX will allow access to only those IP addresses and ranges mentioned in your configuration file.

By the way, if you want to create charts & dashboards to monitor your business or website, you can try Ubiq. We offer a 14-day free trial.