I'm currently doing this in my nginx.conf:
    allow 1.2.3.4;
    deny all;
What I'd really like to do is this:
    allow my.domain.name;
    deny all;
I.e., I want nginx to do an A record lookup on my.domain.name at the time of the request, and if it matches the IP that the request is coming from, then allow it. I don't see any built-in mechanism to do this however. Anybody have a native way to do this before I start coding something custom?
We can enable a server block's configuration file by creating a symbolic link from the sites-available directory to the sites-enabled directory, which Nginx will read during startup. To do this, enter the following command:
    sudo ln -s /etc/nginx/sites-available/example.com /etc/nginx/sites-enabled/
If no server_name is defined in a server block then nginx uses the empty name as the server name. nginx versions up to 0.8.48 used the machine's hostname as the server name in this case. If a server name is defined as “$hostname” (0.9.
Restricting Directory Access. Log in to the web server. Locate the Nginx configuration template (see "Locating the Nginx configuration file"). Add the deny directive (see "The Deny Directive") to the server block of your site's configuration. Save your changes and restart Nginx.
ngx_http_rdns_module does what you need: https://www.nginx.com/resources/wiki/modules/rdns/ (https://github.com/flant/nginx-http-rdns)
This module allows making a reverse DNS (rDNS) lookup for an incoming connection and provides simple access control of the incoming hostname by allow/deny rules (similar to HttpAccessModule allow/deny directives; regular expressions are supported). The module works with the DNS server defined by the standard resolver directive.
    location / {
        # DNS server the module sends its lookups to
        resolver 127.0.0.1;
        # Deny the request when the rDNS hostname matches this regex
        rdns_deny badone\.example\.com;
        # Enable the rDNS lookup only for matching user agents
        if ($http_user_agent ~* FooAgent) {
            rdns on;
        }
        # $rdns_hostname holds the result of the lookup
        if ($rdns_hostname ~* (foo\.example\.com)) {
            set $myvar foo;
        }
        #...
    }
There is no such feature in the official distribution of nginx, because it may heavily reduce performance.
Third party modules http://wiki.nginx.org/3rdPartyModules also don't contain this feature.
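One way to do the "something custom" from the question without a per-request lookup, as an added example that is not part of the original thread: a script run on a schedule resolves the name, validates every address, and rewrites an include file holding the allow/deny rules. The include path and the injectable lookup parameter are assumptions made for this example; if resolution fails the script raises and the previous file stays in place.

```python
import ipaddress
import os
import socket
import tempfile


def resolve_addresses(hostname, lookup=socket.getaddrinfo):
    """Return the sorted, de-duplicated A/AAAA addresses for hostname."""
    found = set()
    for _family, _type, _proto, _canon, sockaddr in lookup(hostname, None):
        # Parse through ipaddress so only a syntactically valid address
        # can ever reach the generated config (strip any IPv6 scope id).
        found.add(ipaddress.ip_address(sockaddr[0].split("%")[0]))
    return sorted(found, key=lambda a: (a.version, int(a)))


def render_acl(addresses):
    """Render one allow line per address, closed by a final deny all."""
    if not addresses:
        raise ValueError("no addresses resolved; keeping the previous ACL")
    lines = [f"allow {addr};" for addr in addresses]
    lines.append("deny all;")
    return "\n".join(lines) + "\n"


def write_acl(path, hostname, lookup=socket.getaddrinfo):
    """Write the ACL atomically; return True if the file content changed."""
    text = render_acl(resolve_addresses(hostname, lookup))
    try:
        with open(path) as fh:
            if fh.read() == text:
                return False
    except FileNotFoundError:
        pass
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(path) or ".")
    with os.fdopen(fd, "w") as fh:
        fh.write(text)
    os.replace(tmp, path)  # atomic rename: nginx never reads a partial file
    return True


if __name__ == "__main__":
    # Hypothetical path; pull it into the location block with `include`
    # and run `nginx -s reload` whenever this reports a change.
    changed = write_acl("/etc/nginx/dynamic_allow.inc", "my.domain.name")
    print("changed" if changed else "unchanged")
```

Access then depends on whoever controls the DNS records for that name, and a changed address only takes effect after the next run and reload.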