Nginx Allow Ip Range

When specifying Nginx config, a common requirement is to control access to particular routes or even servers and use IP addresses as the method of restriction.

Generally that’s quite simple, you can just allow; for any IPs you want to allow and then conclude with deny all;

However - what if you have quite a large range of IPs to block - do you need to do a separate allow for each line?

The answer of course is no, there is a much more elegant solution, however it uses the rather opaque CIDR format for specifying the range.

I could explain it to you but I’d be lying if I pretended I understand it. Instead, here is a link to a great little calculator in which you can specify the starting and ending IPs and it will give you the correct CIDR notation to paste in - yay!

Just paste in your starting and ending IPs (eg and and press Calculate and you will then get the CIDR version, in this instance:

Much better than 50 lines of config. I’d suggest putting a comment above it explaining what its actually doing in your config though.

Tags: nginxiprangerestrictionlinuxweb