Nginx Allow IP Range

When specifying Nginx config, a common requirement is to control access to particular routes or even servers and use IP addresses as the method of restriction.

Generally that’s quite simple: you can just add allow 123.123.123.123; for each IP you want to allow and then conclude with deny all;

However, what if you have quite a large range of IPs to allow? Do you need a separate allow line for each IP?

The answer, of course, is no. There is a much more elegant solution, although it uses the rather opaque CIDR format for specifying the range.

I could explain it to you but I’d be lying if I pretended I understand it. Instead, here is a link to a great little calculator in which you can specify the starting and ending IPs and it will give you the correct CIDR notation to paste in - yay!

http://www.ipaddressguide.com/cidr#range

Just paste in your starting and ending IPs (e.g. 123.123.123.100 and 123.123.123.150) and press Calculate. You will then get the CIDR version, in this instance:

123.123.123.100/30
123.123.123.104/29
123.123.123.112/28
123.123.123.128/28
123.123.123.144/30
123.123.123.148/31
123.123.123.150/32

Much better than 50 lines of config. I’d suggest putting a comment above it in your config explaining what it’s actually doing, though.
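
If you would rather not depend on an online calculator, the same conversion can be done offline with Python's standard ipaddress module. This is an added example, not part of the original post; the function names are made up for illustration. It generates the allow lines (with the explanatory comment and the closing deny all;) and lets you check that addresses just outside the range are not covered.

```python
import ipaddress


def range_to_cidrs(first, last):
    """Return the minimal list of CIDR blocks covering first..last inclusive."""
    start = ipaddress.ip_address(first)
    end = ipaddress.ip_address(last)
    # summarize_address_range raises ValueError if end is below start and
    # TypeError if the two addresses are different IP versions.
    return [str(net) for net in ipaddress.summarize_address_range(start, end)]


def nginx_allow_block(first, last):
    """Render allow directives for the range, ending with deny all."""
    lines = [f"# Allow {first} - {last} (inclusive), deny everyone else"]
    lines += [f"allow {cidr};" for cidr in range_to_cidrs(first, last)]
    lines.append("deny all;")
    return "\n".join(lines)


def is_allowed(ip, cidrs):
    """True if ip falls inside any of the CIDR blocks."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(c) for c in cidrs)


if __name__ == "__main__":
    # Same example range as used in the post.
    print(nginx_allow_block("123.123.123.100", "123.123.123.150"))
```

Checking the boundary addresses (one below the start, one above the end) with is_allowed before deploying catches a range that was typed one address too wide or too narrow.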


Tags: nginx, ip, range, restriction, linux, web