How to block ip with NGINX
0. define block ip on nginx.conf
vim /etc/nginx/nginx.conf http { geo $ban_ip { default 0; include ban_ip.conf; } }
that will blocked ip by clientip on access.log, if want to block real ip behind proxy set like this:
http { geo $http_x_forwarded_for $ban_ip { default 0; include ban_ip.conf; } }
1. define blocked ip in server {}
vim /etc/nginx/sites-enabled/blackonsole.org.conf server { listen 80; server_name blackonsole.org; if ($ban_ip) { return 444; } }
2. add ip in ban_ip.conf
vim /etc/nginx/ban_ip.conf 1.3.4.5 US; 4.23.4.2 CN; 3.2.3.4 whatever;
3. test and reload NGINX
nginx -t nginx -s reload