I am running Nginx behind a proxy. I am getting visitors' real IP addresses through the X-Forwarded-For HTTP request header. I'd like to block individual IPs based on a dynamic block list, up to 10000+ IPs.

I was looking into ModSecurity to do this, but it looks too complex, with a very arcane and brittle configuration language, just for doing IP blocking. What other alternatives are there?

Also, is it viable to generate an Nginx rules configuration (ip-blocklist.conf) for inclusion in the main Nginx config, e.g. every 5 minutes, and then gracefully restart Nginx? How scalable are Nginx rules, e.g. up to 10k entries?

Mikko Ohtamaa
  • What are you trying to block? You may be better off doing something other than blocking within nginx. – Michael Hampton Jun 06 '14 at 14:56
  • I am blocking certain requests behind a proxy and in this case the requests cannot be blocked before the proxy. – Mikko Ohtamaa Jun 06 '14 at 22:36
  • Found this - have not yet tried whether it works as a solution or not: http://devblog.mixlr.com/2012/09/01/nginx-lua/?utm_source=feedburner&utm_medium=feed&utm_campaign=Feed%3A+NoFactZone+%28No+Fact+Zone+-+Stephen+Colbert+news+blog+and+fan+site%29 – Mikko Ohtamaa Jun 09 '14 at 10:11
  • I don't know, since you still haven't explained what you are trying to do. – Michael Hampton Jun 09 '14 at 11:35
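
One way to implement the generate-and-reload approach the question asks about, as an added example that is not code from the original thread. It assumes Nginx's realip and geo modules; the function names, the `/etc/nginx/ip-blocklist.conf` path and the proxy address `10.0.0.1` are placeholders chosen for illustration.

```python
import ipaddress
import os
import tempfile

# Assumed nginx side (http context), with 10.0.0.1 standing in for the proxy:
#   set_real_ip_from 10.0.0.1;
#   real_ip_header   X-Forwarded-For;
#   geo $blocked { default 0; include /etc/nginx/ip-blocklist.conf; }
#   server { if ($blocked) { return 403; } ... }
# After each regeneration: nginx -t && nginx -s reload

def render_blocklist(entries):
    """Return (file body, rejected entries) for the geo include file."""
    nets, rejected = set(), []
    for raw in entries:
        text = raw.strip()
        if not text or text.startswith("#"):
            continue
        try:
            # Parsing rejects anything that is not a bare address or CIDR, so a
            # feed entry can never smuggle ';' or '}' into the nginx config.
            nets.add(ipaddress.ip_network(text, strict=False))
        except ValueError:
            rejected.append(raw)
    ordered = sorted(nets, key=lambda n: (n.version, int(n.network_address), n.prefixlen))
    lines = [f"{n.network_address if n.num_addresses == 1 else n} 1;" for n in ordered]
    return "\n".join(lines) + "\n", rejected

def write_atomically(path, body):
    """Write via a temp file plus rename so nginx never reads a half-written list."""
    directory = os.path.dirname(os.path.abspath(path))
    fd, tmp = tempfile.mkstemp(dir=directory, prefix=".ip-blocklist.")
    try:
        with os.fdopen(fd, "w") as fh:
            fh.write(body)
        os.chmod(tmp, 0o644)
        os.replace(tmp, path)
    except BaseException:
        os.unlink(tmp)
        raise

if __name__ == "__main__":
    # Constructed sample feed: a duplicate, a CIDR, an IPv6 host and a malformed entry.
    feed = ["203.0.113.7", " 203.0.113.7 ", "198.51.100.0/24",
            "2001:db8::1", "1.2.3.4; } server {"]
    body, bad = render_blocklist(feed)
    write_atomically("ip-blocklist.conf", body)
    print(body, "rejected:", bad)
```

Running `nginx -t` before the reload keeps a bad generation from taking the running configuration down.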
