If you are using Nginx as your web server, you may want to consider blocking access to certain hosts. This can help protect your site from potential attacks by malicious users. To do this, you will need to set up a rule in Nginx that allows only specific hosts to access the server. This can be done by editing the file /etc/nginx/sites-available/default and adding the following lines:

    server {
        listen 80;
        # allow all other ports
    }
It would have been more secure to set up nginx HTTP Auth instead, and prompt for a username and password, and that would have also allowed me to more easily use my mobile devices to access the site. But if you’ve ever used HTTP auth you know that it’s extremely annoying, especially on mobile, to have to enter your credentials all the time.
So instead, I used a simple IP address allow rule for my office IP, and blocked everything else.
Open up your nginx.conf file (or whichever nginx configuration file you are using for your particular site) and add the following to either your server block or a specific location block, depending on how granular you want to get with the block.
To allow a range of IPs:
Or to allow only a single IP:
And then below that, to block everybody else:
So you’ll end up with a server or location block that looks something like this:
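A server block combining the directives described above, as an added example rather than the author's original listing. The addresses are constructed values from documentation ranges, and example.com, the web root and the /admin/ path are assumptions.

```nginx
# Added example: all addresses are constructed (RFC 5737 documentation ranges);
# example.com, the web root and /admin/ are placeholders.
server {
    listen 80;
    server_name example.com;
    root /var/www/html;

    # Access rules are checked top to bottom and the first match decides,
    # so "deny all" must come last. Placed first, it would block everyone.
    allow 203.0.113.0/24;    # a range of IPs in CIDR notation (e.g. the office network)
    allow 198.51.100.7;      # a single IP
    deny  all;               # everybody else receives 403 Forbidden

    location / {
        try_files $uri $uri/ =404;
    }

    # The same directives can go in a location block to restrict one path only.
    # Rules declared here replace the server-level rules for this location;
    # they are not merged with them.
    location /admin/ {
        allow 198.51.100.7;
        deny  all;
    }
}
```

Running `nginx -t` before reloading checks the edited file for syntax errors, which avoids a failed reload on a typo in a rule.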
It’s really about as simple as that. Now you’ll want to reload your nginx server, which you can do with this command for Ubuntu or Debian servers:
Or you can directly reload using the nginx executable, assuming it’s located in the same place as mine (adjust the path otherwise):
The -s argument tells nginx you are going to send a “signal” and that signal is “reload”, which gracefully reloads the server without causing lots of problems.