0
0
NginxHow-ToBeginner · 3 min read

How to Allow Specific IP in Nginx: Simple Guide

To allow a specific IP in nginx, use the allow directive with the IP address inside a location or server block, followed by deny all; to block others. This setup restricts access so only the specified IP can reach the site or resource.
📐

Syntax

The allow directive specifies which IP addresses can access the resource. The deny directive blocks all other IPs not explicitly allowed. These directives are placed inside a server or location block in the Nginx configuration.

Example parts:

  • allow 192.168.1.100; - permits this IP
  • deny all; - blocks everyone else
nginx
location / {
    allow 192.168.1.100;
    deny all;
}
💻

Example

This example shows how to allow only the IP 203.0.113.5 to access the entire website, while denying all other IPs.

nginx
server {
    listen 80;
    server_name example.com;

    location / {
        allow 203.0.113.5;
        deny all;
    }
}
Output
When a user from IP 203.0.113.5 visits example.com, they see the website normally. Users from any other IP receive a 403 Forbidden error.
⚠️

Common Pitfalls

Common mistakes include:

  • Placing allow and deny outside server or location blocks, which makes them ineffective.
  • Forgetting to reload or restart Nginx after changes, so new rules don't apply.
  • Using incorrect IP formats or missing semicolons.
  • Not ordering allow before deny, which can cause unexpected access results.
nginx
location / {
    deny all;
    allow 203.0.113.5;
}

# This will deny all, including the allowed IP, because deny comes first.

# Correct order:
location / {
    allow 203.0.113.5;
    deny all;
}
📊

Quick Reference

DirectivePurposeExample
allowPermits access from specified IP or subnetallow 192.168.0.1;
denyBlocks access from specified IP or alldeny all;
locationDefines URL path to apply ruleslocation /admin/ { ... }
serverDefines virtual server blockserver { listen 80; ... }

Key Takeaways

Use allow to specify permitted IPs and deny all; to block others.
Place allow and deny inside location or server blocks.
Always reload Nginx after configuration changes with nginx -s reload.
Order matters: allow directives must come before deny.
Check IP format carefully to avoid access issues.

Related by keyword

Disable Logging for Specific Path in Nginx: Simple GuideLoggingHow to Start Nginx: Simple Commands to Run Nginx ServerGetting StartedHow to Configure Multiple Sites in Nginx: Simple GuideConfiguration BasicsHow to Create Server Block in Nginx: Simple GuideConfiguration BasicsHow to Create Virtual Host in Nginx: Simple GuideConfiguration Basics

Up next

How to Set gzip_types in Nginx for CompressionRoot vs Alias in Nginx: Key Differences and UsageHow to Configure Logging in Nginx: Syntax and ExamplesHow to Rotate Nginx Logs: Simple Guide for Log Management

More in Security

How to Block IP Address in Nginx: Simple GuideHow to Block Referrer Spam in Nginx: Simple GuideHow to Block User Agent in Nginx: Simple GuideHow to Configure Basic Auth in Nginx: Simple Guide