Computer/Server

Nginx Deny all, allow specific ip

생각하는달팽이 2020. 4. 25. 02:04

Requirements

- Deny all ips.

- Allow specific ips ( public ip )

 

Prepare

0. Check your nginx

nginx -V

1. If not Install or reinstall nginx with 

--with-http_realip_module

2. modified nginx.conf

http {
  server {
    (snip)
    set_real_ip_from  {from ip};          # IP range
    real_ip_header    X-Forwarded-For;
  }
}

3. implement deny, allow ( server, or location )

server {
	(snip)
    deny all;
    allow xxx.xxx.000.000/16
    allow xxx.000.000.000/8
}

4. nginx restart or reload

 

Question

- what is {from ip} 

 if you using lb, or something proxy. you need to know that env internal ip.

- If using cdn.

   - https://medium.com/@pahud/get-real-ip-coming-via-aws-cloudfront-and-elb-to-nginx-d418e5070976

 

[HOWTO] Get real IP coming via AWS CloudFront and ELB to nginx

Background

medium.com

  - akami : You need turn on option in akmai console. and change real_ip

 

반응형