There are several ways to disable a specific IP in Nginx:
1. Use deny
instructions: In the Nginx configuration file, you can use deny
instructions to prohibit access from specific IPs. For example, to deny access to the IP address 192.168.1.100, you can add the following to the configuration file:
location / {
deny 192.168.1.100;
...
}
In this way, when a request comes from the IP address 192.168.1.100, Nginx will return a 403 Forbidden error.
2. Combination of usage allow
and deny
instructions: IP access can be restricted through a combination of usage allow
and instructions. deny
For example, to allow access from the IP address 192.168.1.0/24 but deny access from the IP address 192.168.1.100, you can add the following to the configuration file:
location / {
allow 192.168.1.0/24;
deny 192.168.1.100;
...
}
In this way, except for requests with IP address 192.168.1.100, other IP addresses will be allowed to access.
3. Use limit_conn
the and limit_req
directives of the HTTP module: In addition to using deny
the and allow
directives to prohibit access from specific IPs, you can also use the limit_conn
and limit_req
directives of the HTTP module to limit the number of connections and request frequency of specific IPs. These directives can be set in blocks in Nginx's configuration file http
. For example, to limit the number of connections to 1 for the IP address 192.168.1.100 and limit its request frequency to 10 requests/second, you can add the following to the configuration file:
http {
...
limit_conn_zone $binary_remote_addr zone=conn_limit_per_ip:10m;
limit_conn conn_limit_per_ip 1;
limit_req_zone $binary_remote_addr zone=req_limit_per_ip:10m rate=10r/s;
limit_req zone=req_limit_per_ip burst=20;
...
}
In this way, when the number of connections of the client with IP address 192.168.1.100 exceeds 1 or the request frequency exceeds 10 requests/second, Nginx will restrict its access. Through the above methods, you can effectively disable access to specific IPs in Nginx.