Ubuntu & Linux

How to Block Direct IP Access to Your Nginx Web Server

Duy Anh
By Duy Anh

As a robust web server, Nginx is a popular choice for powering websites and web applications. However, a common security concern arises when direct IP access to the server is left unfettered. This guide tackles this issue head-on, providing you with the knowledge and tools to effectively block direct IP access, safeguarding your Nginx web server from unauthorized intrusion and potential data breaches.

Block access to Nginx Server by IP

For example, if you have a website called arriveddev.com and its IP address is 134.24.149.46, when users enter 134.24.149.46 directly into their browser, they can still be redirected to your website. However, this method is less secure and could make your site susceptible to DDoS attacks. To enhance security and prevent direct access to your Nginx server from specific IP addresses, you can follow the steps below to block IP address in Nginx.

Reinforce Nginx Security: Restrict Direct IP Access and Protect Your Web Server

Step 1: Create a new Nginx configuration file

Login to the server using SSH and create a separate configuration file, for example, block_direct_access_ip.conf.

sudo nano /etc/nginx/sites-available/block_direct_access_ip.conf

And add this content file:

server {
    listen 80 default_server;
    listen [::]:80;
    server_name _;
    return 444;
}

server {
    listen 443 ssl http2 default_server;
    listen [::]:443;
    server_name _;
    ssl_certificate /etc/nginx/ssl/public.crt;
    ssl_certificate_key /etc/nginx/ssl/private.key;
    return 444;
}
Create Nginx config file

Step 2: Generate SSL certificate for HTTPS authentication

The above configuration will block direct access to nginx server by IP address including IPV4 and IPV6 as well as HTTP and HTTPS. However for it to work you need to create the file public.crt and private.key, keep running the command to create crt and key:

sudo openssl req -x509 -nodes -days 365 -newkey rsa:2048 -keyout /etc/nginx/ssl/private.key -out /etc/nginx/ssl/public.crt

Then open the file /etc/nginx/nginx.conf, add in http {} the line include /etc/nginx/sites-available/*.conf;

include config file

Finally, restart Nginx for the changes to take effect. And you can check by entering your IP address directly into the browser.

sudo service nginx restart

By following the above steps, you have successfully blocked any direct access requests from your IP address to your Nginx server. This significantly enhances security by blocking IP addresses in Nginx and allowing access only through the official domain name.

Share This Article
Leave a comment
Subscribe
Notify of
0 Comments
Inline Feedbacks
View all comments

You Might Also Like

How to Install and Use qBittorrent on Ubuntu 22.04/24.04

How to Test Your Linux VPS Speed with Command-Line Tools

How to Schedule Shutdown on Ubuntu/Linux Using Terminal

Why Ubuntu is the Perfect Linux Distribution for Developers

Ubuntu 22.04: Fix Screen Turn Off When Click Settings

Stay Connected

YOU MIGHT ALSO LIKE

Wubuntu - Linux Like Windows
Wubuntu OS: The Linux Distro That Looks Like Windows
Install Sendmail Ubuntu Using Gmail SMTP
How to Install Sendmail & Configure Gmail SMTP On Ubuntu 22.04/24.04
Web PHP.ini Optimizations
13 PHP.ini Optimizations for Enhanced Website Performance
install sublime text ubuntu 22.04
How to install Sublime Text 4 on Ubuntu 22.04/24.04 LTS
Ubuntu 24.04 New Features
Ubuntu 24.04: New Features and Improvements
install wordpress on localhost xampp
How to install WordPress on Localhost Xampp Windows 10, 11