HttpAccessModule
Contents |
Synopsis
This module provides a simple host-based access control.
Module nginx_http_access_module makes it possible to control access for specific IP-addresses of clients. Since nginx 08.22 IPv6 is supported.
Access rules are checked according to the order of their declaration. The first rule that matches a particular address or set of addresses is the one that is obeyed.
Example configuration:
In this example access is granted to networks 10.1.1.0/16 and 192.168.1.0/24 with the exception of address 192.168.1.1, which is denied access together with all other addresses as defined by the deny all rule that is matched last in this location block. In addition it allows one specific IPv6 address. All others would be denied.
Note that the order of the deny/allow is of the utmost importance. If you're coming from the Apache world you might be tempted to think that you can switch the access directives order and everything will work. In fact it doesn't. Switching the order in the above example has the result of denying access to all addresses. Consider the following incorrect situation:
If you are using many access rules you should consider that the GeoIP module is a preferred alternative to the Access module.
Directives
allow
| Syntax: |
allow address | CIDR | all |
| Default: | |
| Context: |
http server location limit_except |
| Reference: | allow |
Directive grants access for the network or addresses indicated.
deny
| Syntax: |
deny address | CIDR | all |
| Default: | |
| Context: |
http server location limit_except |
| Reference: | deny |
Directive forbids access for the network or addresses indicated.
Tips & Tricks
The NginxHttpAccessModule can be used in conjunction with the error_page directive to redirect unauthorised visitors to an alternative site:
