Nginx Allow Ip Range
Sep 13, 2016 · 1 minute readCategory: nginx
When specifying Nginx config, a common requirement is to control access to particular routes or even servers and use IP addresses as the method of restriction.
Generally that’s quite simple, you can just allow 123.123.123.123;
for any IPs you want to allow and then conclude with deny all;
However - what if you have quite a large range of IPs to block - do you need to do a separate allow for each line?
The answer of course is no, there is a much more elegant solution, however it uses the rather opaque CIDR format for specifying the range.
I could explain it to you but I’d be lying if I pretended I understand it. Instead, here is a link to a great little calculator in which you can specify the starting and ending IPs and it will give you the correct CIDR notation to paste in - yay!
http://www.ipaddressguide.com/cidr#range
Just paste in your starting and ending IPs (eg 123.123.123.100
and 123.123.123.150
) and press Calculate and you will then get the CIDR version, in this instance:
123.123.123.100/30
123.123.123.104/29
123.123.123.112/28
123.123.123.128/28
123.123.123.144/30
123.123.123.148/31
123.123.123.150/32
Much better than 50 lines of config. I’d suggest putting a comment above it explaining what its actually doing in your config though.