NGINX deny IP wildcard?

Question

I currently deny IP addresses like this in the nginx.conf file:

deny 42.22.11.531;

But how would I deny

deny 42.22.*.*; <---- this obviously doesnt work, what is the correct syntax for nginx?

Ive seen:

deny 42.22.11.0/24 <---- not sure what this means, but it made me try

deny 42.22.0/999.0/999 <---- which fails.

So whats the correct syntax?

score 14 · Answer 1 · answered Dec 12 '10 at 16:44

14

This isn't nginx specific, it's a lack of understanding subnets in network math; /24 is a class C and /16 is a class B.

42.22.*.* = 42.22.0.0/16 = 42.22.0.0/255.255.0.0

answered Dec 12 '10 at 16:44

Arrrhhh!! Classful networking! It burns!. – Tom O'Connor Dec 12 '10 at 18:55
You're right though. He wants to block a whole /16 network. Ouch. This is almost never the right thing to do. – Tom O'Connor Dec 12 '10 at 18:56
looks like he wants to block a whole bunch of Australia; 42.0.0.0 - 42.255.255.255 is all down under on the big island. – Dec 12 '10 at 20:16
Nope... the IP I used is made up for the example – Dennis Dec 12 '10 at 22:21

Sameer · Answer 2 · 2010-12-13T02:45:03.500

2

deny 42.22.11.0/16 is the correct syntax.

More information on nginx blocking

/16 signifies Subnetwork. For further information click on the link to read.

edited Dec 13 '10 at 02:45

answered Dec 12 '10 at 03:52

Sameer

Thats not enough though. I want the equivalent of: 42.22.0/24.0/24 but that fails – Dennis Dec 12 '10 at 14:48
this comment doesn't address his question and you gave him the wrong answer. – Dec 12 '10 at 16:45

2 Answers2