Hi,
I am setting up a reverse proxy in freebsd with nginx.
How can I deny access to a specific IP on my internal network?
In my case I have defined the following within the location / parameter:


location / {
include snippets/proxy-params.conf;
include snippets/internal-access-rules.conf;
proxy_pass http://107.XXX.XXX.XXX/;
}


Where in "internal-access-rules.conf" I have placed:

allow 192.168.1.0/24;
deny all;

Then I restart the nginx.
When trying to access the domain from the blocked network or from any other network I can access without problems when I should be blocked. What could be happening?

Regards

Diego

Try this at the very top without adding it to a location directive:

server {
allow 192.168.1.0/24;
deny all;

This "Should" block all external (non-local) traffic to your webserver, and only allow traffic on your lan to see you webpage.

If you are trying to block something on your LAN, then you need to specify the specific IP in the allow and deny directives. You currently are allowing all of your lan traffic to your webserver with 192.168.1.0/24, because that is indicating that your entire subnet should be allowed. If you want to allow only one computer on your lan access, then you need to specify that computers address in the allow part, and the rest should be blocked.

Example:
server {
allow 192.168.1.2/24
deny all

This will allow only the computer on your LAN with the ip address 192.168.1.2 to access your web server. All others on your lan SHOULD be blocked, and all external IP's (from the internet) should also be blocked.

Dan Ran
dan@danran.rocks
https://danran.rocks